PEAP - Intermediate CA

Johan Meiring jmeiring at pcservices.co.za
Thu May 14 15:20:11 CEST 2009


Alan DeKok wrote:
> Meyers, Dan wrote:
>> I was having this exact same problem for a significant period of time
>> when I bought a new Verisign cert for our servers which was chained (the
>> old one being directly root signed, which Verisign no longer do). It
>> would appear to be a bug/security patch in XP sometime after SP2 that
>> causes this.
> 
>   Ouch.  That is evil.
> 
>   I've updated raddb/certs/README with various rants about this.
> 
>   Alan DeKok.

Might be usefull to add that the certificates we use (bought from 
www.geotrust.com via opensrs) are directly root signed.
(Our web server certificates anyway - I assume the certificates 
freeradius uses are the same kind)

Unsure whether you feel comfortable "advertising" anyone, but people 
might want to know where to get a "directly signed" certificate.

-- 


Johan Meiring
Cape PC Services CC
Tel: (021) 883-8271
Fax: (021) 886-7782




More information about the Freeradius-Users mailing list