PEAP certificates, signing requirements and examples

Eshun Benjamin bkeshun at yahoo.fr
Tue Jul 10 17:54:18 CEST 2007


> I have read and used the make_cert_command = "${certdir}/bootstrap"; it's an
> excellent tool but it only creates clientAuth and serverAuth and does
> not add PEAP

  Huh?  What do you mean by that?

You have clarified,
There's no need to post the OID's in every message.  We've seen them
before.
 
> ... it usually pops up the message
> "the server certificate is not trusted because there no explicit trust
> settings" - this seems to require the setting of the EAP OID.

  No.  If you get that message, then the OID is in the certificate, and
PEAP is working.  The message simply says that the certificate isn't
signed by a root CA your system knows about.

I get this message even with a certificate signed by a root CA, and also by an intermediate CA. Thanks Alan, I have to ask Apple.


================================================== 
Benjamin K. Eshun

----- Original Message ----
From: Alan DeKok <aland at deployingradius.com>
To: FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Sent: Tuesday, 10 July 2007, 14:55:34
Subject: Re: Re : PEAP certificates, signing requirements and examples

Eshun Benjamin wrote:
> I have read and used the make_cert_command = "${certdir}/bootstrap"; it's an
> excellent tool but it only creates clientAuth and serverAuth and does
> not add PEAP

  Huh?  What do you mean by that?

> ... it usually pops up the message
> "the server certificate is not trusted because there no explicit trust
> settings" - this seems to require the setting of the EAP OID.

  No.  If you get that message, then the OID is in the certificate, and
PEAP is working.  The message simply says that the certificate isn't
signed by a root CA your system knows about.

> The question is
> what is the difference between web server and radius server certificates
> with respect to ssl and wireless in the context of EAP, PEAP.

  Ask Microsoft.

> [ PEAP ]
...

  There's no need to post the OID's in every message.  We've seen them
before.

  Alan DeKok.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
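
The two questions separated in the reply above (does the server certificate carry the server-authentication EKU, and does it chain to a root the client knows about) can be checked independently. This is an added example, not part of the original thread; the two CAs, the host name radius.example.org and all file names are constructed test data, and it assumes the openssl command-line tool is installed.

```shell
#!/usr/bin/env bash
# Added example. The CAs, host name and files are constructed throwaway test data.
set -eu

# Build two unrelated roots and one server certificate signed by the "unknown" one.
build_demo_pki() {
    d=$1
    cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
[v3_srv]
extendedKeyUsage = serverAuth
EOF
    for ca in known unknown; do
        openssl req -x509 -config "$d/pki.cnf" -extensions v3_ca -newkey rsa:2048 \
            -nodes -days 1 -subj "/CN=Constructed $ca root" \
            -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null
    done
    openssl req -new -config "$d/pki.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=radius.example.org" -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
    # The EKU is written into the certificate here; the issuer is the "unknown" root.
    openssl x509 -req -in "$d/srv.csr" -CA "$d/unknown.pem" -CAkey "$d/unknown.key" \
        -CAcreateserial -days 1 -extfile "$d/pki.cnf" -extensions v3_srv \
        -out "$d/srv.pem" 2>/dev/null
}

# Check 1: does the certificate carry the serverAuth EKU (OID 1.3.6.1.5.5.7.3.1)?
has_server_auth() {
    openssl x509 -in "$1" -noout -text | grep -q 'TLS Web Server Authentication'
}

# Check 2: does certificate $2 chain to the root in trust file $1?
chains_to() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

DEMO=$(mktemp -d)
build_demo_pki "$DEMO"
has_server_auth "$DEMO/srv.pem" && echo "EKU serverAuth: present"
chains_to "$DEMO/known.pem" "$DEMO/srv.pem" || echo "chain to known root: FAILED (issuer not trusted)"
chains_to "$DEMO/unknown.pem" "$DEMO/srv.pem" && echo "chain to issuing root: OK"
```

The same certificate passes the EKU check and fails the chain check until the issuing root is placed in the trust file, which is why the two have to be diagnosed separately.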







