client certs

Craig White craigwhite at
Thu Dec 11 01:57:28 CET 2008

On Thu, 2008-12-11 at 01:49 +0100, tnt at wrote:
> >I only re-generated the 'client' certificate but in doing a diff, it
> >appears that every level of cert generation has I have to
> >start over?
> >
> You should. Original Makefile was creating ca certificate that was valid
> only for 30 days. This one will use value from ca.cnf.
> >Windows is still complaining with new client certificate and yes, system
> >is XP Service Pack 3 so it's pretty much up-to-date
> >
> Then you haven't got the (correct) ca.der certificate in your trusted
> root certificate store.
I was afraid you were gonna say that...

I am honing by BOFH chops...each time I make new certs, I chase the
iPhone users through their setup to accept the new cert.


Though I was pretty certain that the certs I was making through my own
scripts were right, I thought if I used the cert creation scripts from
freeradius, things would just work...

OK - I'll look at the cnf options because it would be nice to have more
than 30 days anyway



More information about the Freeradius-Users mailing list