Anything special to apply a server cert by CSR for eap-tls?
luckydogxf at gmail.com
Fri Dec 14 12:02:47 CET 2018
Yes, shared cert isn't a good idea, enterprise CA is needed.
On Fri, Dec 14, 2018 at 6:58 PM Matthew Newton <mcn at freeradius.org> wrote:
> On Fri, 2018-12-14 at 18:34 +0800, luckydog xf wrote:
> > The exact error msg is ' the request does not contain a certificate
> > template extension or the Certificate Template request attribute.'
> > I used make server.csr to generate CSR, and choose RAS and IAS Server
> > template which used by NPS of windows, including EKU of
> > 220.127.116.11.18.104.22.168.1.
> I'm not sure how else to say "you need to talk to the person who runs
> your CA". Looking at Microsoft errors isn't relevant to the FreeRADIUS
> > A quick question, is it possible to not use password for client cert?
> > So I'll use Group policy and deploy it on all domain computers.
> > All users share the same cert, is is best practice?
> When one of your users does something bad, you have to reissue a new
> certificate to everyone, and you probably don't know who it was anyway?
> So no.
> List info/subscribe/unsubscribe? See
More information about the Freeradius-Users