Hi,

The following line is from the CA.all script provided by FreeRADIUS for generation of certificates:

openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever -key whatever -extensions xpclient_ext -extfile xpextensions -infiles newreq.pem

My question is:

Is the use of "-extensions" here necessary for authenticating a Client to the FreeRADIUS Server using EAP-TLS/EAP-TTLS?

Whenever I use the above-mentioned line in my CA.all script, my Client fails to verify the Certificate chain as sent by the Server.

On the other hand, if I use the following line in the CA.all script instead of the line mentioned above:

openssl ca -policy policy_anything -out newcert.pem -passin pass:whatever -key whatever -infiles newreq.pem

everything works out fine ... the Client does not complain of "Verifying failure" as in the first case.

So can we do without "-extensions" or not?

Thanks,
Bilal
