PEAP certificates, signing requirements and examples

Alan DeKok aland at deployingradius.com
Tue Jul 10 14:55:34 CEST 2007


Eshun Benjamin wrote:
> I have read and used the make_cert_command = "${certdir}/bootstrap"; its
> excellent tool but it only creates clientAuth and serverAuth and does
> not add PEAP 

  Huh?  What do you mean by that?

> ... it usually pops up message
> "the server certificate is not trusted because there no explicit trust
> settings" - this seem to require the setting of eap oid.

  No.  If you get that message, then the OID is in the certificate, and
PEAP is working.  The message simply says that the certificate isn't
signed by a root CA your system knows about.

> The question is
> what is the difference between web server and radius server certificates
> with respect to ssl and wireless in the context of EAP, PEAP.

  Ask Microsoft.

> [ PEAP ]
...

  There's no need to post the OID's in every message.  We've seen them
before.

  Alan DeKok.



More information about the Freeradius-Users mailing list