Android 2.3.5 supplicants failing after upgrade to FreeRADIUS 2.2.5 from 2.2.0
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Mon Jun 2 23:27:39 CEST 2014
Hi,
these
> err='Server used client certificate'
> EAP: Status notification: remote certificate verification (param=Server
> used client certificate)
...having a quick look I see the following:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.6449.1.2.2.29
Policy: 2.23.140.1.2.2
thats a heck of a lot of x509 extensions for a RADIUS server. why the
"TLS Web Client Authentication" entitlement? - as per the other post that could
cause issues. the cert shouldnt be valid for digital signatures or such - I wonder if
the TCS are at fault here for some of the assertions/additions? we just have
X509v3 Extended Key Usage:
TLS Web Server Authentication
(and a CRLDP (thanks Windows Mobile and Windows 8!) )
alan
More information about the Freeradius-Users
mailing list