Re : Re : PEAP certificates, signing requirements and examples

Tue, 10 Jul 2007 09:13:56 -0700 

> I have read and used the make_cert_command = "${certdir}/bootstrap"; its
> excellent tool but it only creates clientAuth and serverAuth and does
> not add PEAP 

  Huh?  What do you mean by that?

You have clarified,
There's no need to post the OID's in every message.  We've seen them
before.
 
> ... it usually pops up message
> "the server certificate is not trusted because there no explicit trust
> settings" - this seem to require the setting of eap oid.

  No.  If you get that message, then the OID is in the certificate, and
PEAP is working.  The message simply says that the certificate isn't
signed by a root CA your system knows about.

I get this message even with certificate signed by root CA. And also by 
intermediate CA. Thanks Alan, I have to ask Apple.


================================================== 
Benjamin K. Eshun

----- Message d'origine ----
De : Alan DeKok <[EMAIL PROTECTED]>
À : FreeRadius users mailing list <freeradius-users@lists.freeradius.org>
Envoyé le : Mardi, 10 Juillet 2007, 14h55mn 34s
Objet : Re: Re : PEAP certificates, signing requirements and examples

Eshun Benjamin wrote:
> I have read and used the make_cert_command = "${certdir}/bootstrap"; its
> excellent tool but it only creates clientAuth and serverAuth and does
> not add PEAP 

  Huh?  What do you mean by that?

> ... it usually pops up message
> "the server certificate is not trusted because there no explicit trust
> settings" - this seem to require the setting of eap oid.

  No.  If you get that message, then the OID is in the certificate, and
PEAP is working.  The message simply says that the certificate isn't
signed by a root CA your system knows about.

> The question is
> what is the difference between web server and radius server certificates
> with respect to ssl and wireless in the context of EAP, PEAP.

  Ask Microsoft.

> [ PEAP ]
...

  There's no need to post the OID's in every message.  We've seen them
before.

  Alan DeKok.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html








      
_____________________________________________________________________________ 
Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo! Mail 
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to