Anything special to apply a server cert by CSR for eap-tls?

Matthew Newton mcn at
Fri Dec 14 11:57:57 CET 2018

On Fri, 2018-12-14 at 18:34 +0800, luckydog xf wrote:
> The exact error msg is '  the request does not contain a certificate
> template extension or the Certificate Template request attribute.'
> I used make server.csr to generate CSR, and choose RAS and IAS Server
> template which used by NPS of windows, including EKU of

I'm not sure how else to say "you need to talk to the person who runs
your CA". Looking at Microsoft errors isn't relevant to the FreeRADIUS

> A quick question, is it possible to not use password for client cert?


> So I'll use Group policy and deploy it on all domain computers.
> All users share the same cert,  is is best practice?

When one of your users does something bad, you have to reissue a new
certificate to everyone, and you probably don't know who it was anyway?

So no.


More information about the Freeradius-Users mailing list