purpose of xp extensions
Alan DeKok
aland at deployingradius.com
Thu Jun 28 18:19:29 CEST 2018
On Jun 28, 2018, at 11:48 AM, d tbsky <tbskyd at gmail.com> wrote:
> 2. is xp extensions only useful if we want client to verify server certificate?
The extensions show the allowed uses of the server / client certificates.
> 3. if we use certificate like let's encrypt without xp extensions.
> what function do we miss?
Among other things, newer versions of OpenSSL will refuse to do client certificates if the server doesn't have the correct extensions.
> I know it is not very secure to use public
> CA, but it seems easier when deal with mobile devices bring by users.
> they just want to access wifi with their active directory
> username/password.
That generally doesn't work. Some systems prompt the user to accept the certs. Others don't, and silently fail.
Alan DeKok.
More information about the Freeradius-Users
mailing list