certificates in FR 2.0.1 on windows doesnt works
Alan DeKok
aland at deployingradius.com
Fri Jan 25 23:12:59 CET 2008
orion wrote:
> but when i import the client.p12 certificate the linkage is
>
> CA certificate
> |- server certificate
> |- client certificate
>
> in that moment the server part tells ( it not allow to issue certificate
> for others).
There's no reason why the intermediate certificate can't issue a
client certificate.
And yes, you already said it complained about that. There's no reason
to re-post a summary of that message. You were asked to post *specific*
information.
> So the server certifiace is not allowed to issue certificate ( in this
> case to issue the certificate for the server. ).
Nonsense.
> 1)Its necessary to import the server certificate + ca certificate +
> client certificate ?
> 2)or only ca certificate + client certificate ?
>
> the second case the linkage between the ca and client doesnt exist ( as
> you said "is the server the issuer of the client`s certificate" ).
A direct linkage doesn't exist, and doesn't need to exist.
Windows has *zero* problems using such a client certificate for
EAP-TLS. If you see an error message, then either the software you're
using is broken, or you didn't understand the message it's producing.
Alan DeKok.
More information about the Freeradius-Users
mailing list