[ Re: eap-ttls failing]

Craig White craigwhite at azapple.com
Wed Jan 28 04:05:57 CET 2009


On Tue, 2009-01-27 at 21:08 -0500, Josh Hiner wrote:
> On Tue, 2009-01-27 at 23:05 +0100, tnt at kalik.net wrote:
> > >Yes the cert is there, does report the correct oid etc.. etc.. Attached
> > >is the client certificate I am using. I even went into the configuration
> > >and made it so XP asks me to select my certificate manually. I select
> > >the certificate manually and it still gives the same error as above
> > >(Error in RegOpenKeyEx for base key, 2) etc.. Maybe there is still a
> > >problem with the certificate but it all looks fine to me. Can you peak
> > >at the cert for me? This is happening on all machines so there must be a
> > >problem with it? When I install the cert it asks me for the cert
> > >password which I type in (I use the password I put in the client.cnf
> > >file). There should be an input and output password in client.cnf
> > >correct? I'm at a loss.
> > >
> > 
> > It is most likely a deliberate undermining of self-signed certificates.
> > It looks wery much like this bug reported for machine certificates (user
> > certificates weren't affected at the time).
> > 
> > http://social.technet.microsoft.com/Forums/en-US/itproxpsp/thread/ceaf827d-3cff-4a5f-a8e0-d32ac2bf9ea9/
> > 
> > Ivan Kalik
> > Kalik Informatika ISP
> Ug! For such a problem, I am not seeing anything come across the mailing
> list. I would think that what I am doing is fairly popular? Why are more
> people not complaining? This is too bad and if true, very poor.
----
I was complaining about it a few weeks ago (all my systems have been
upgraded to SP3) and I was made to feel that it was just me.

Craig




More information about the Freeradius-Users mailing list