client certs

tnt at tnt at
Thu Dec 11 02:15:20 CET 2008

>Is it normal for this 'client' certificate to show "Windows does not
>have enough information to verify this certificate" when you view it?

No. Click on the details and see who is the issuer - server or ca. You
should give users .p12 certificates which can't be installed without a
password used to create them. They can be viewed once they are installed.

>I did take the 'ca.der' and that is loaded in 'Trusted Root Authorities'
>and seems to be happy there but the client certificate, even newly
>generated from the scripts and the new Makefile from Ivan still shows
>that warning. It seems possible to me that the certificate provided by
>the server should provide the link between the CA certificate and the
>client certificate installed on the Windows client and make it happy but
>I haven't gotten this to work right - at least consistently.

Link between them exists when ca is the issuer. It is listed in client
certificate details. In theory, it is better for server certificate ti
issue client certificates. In practice, Windows won't recongnize
intermediate CA role for server certificate.

Ivan Kalik
Kalik Informatika ISP

More information about the Freeradius-Users mailing list