Alexandros Gougousoudis a écrit :
Hi Ivan,
Try signing client certificates with the ca certificate. I have included
modified Makefile for 2.1.3. I have added "make caclient.pem" to
produce client certificates and "cleanca" to remove them. Try
importing caclient.p12 created this way onto the user machine (along
with ca.der) and see if they will work with SP3. They should work with
SP2 as well.
Thanks for your reply, but that is already what I do. I have created a
CA in TinyCA and the server has a signed server-cert and each client
has a signed client-cert (both with the XP specific usage attributes).
I had an issue once when using client certs generated with TinyCA, this
was due to the fact that, by default, TinyCA includes the emailAddress
in the DN subject.
Issuer: C=DE, ST=Berlin, L=Berlin, O=KHB HfM HfS,
OU=ServiceCenter-IT,
CN=ServiceCenter-IT_KHB_HfM_HfS/emailaddress=sc...@kh-berlin.de
Your CA cert's DN includes the emailAddress, though this was not exactly
the issue I had (mine was related to the client certs), I would
recommend not adding this emailAddress to the DN and test again.
HTH,
Thibault
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
