On Sat, Jun 13, 2009 at 7:08 AM, Ivan Kalik<t...@kalik.net> wrote: >> I used the Makefile to generate the certs. I then exported ca.der and >> client.p12 and installed them on the XP box. Did I get the wrong >> files? > > No, those are correct files. Is ca OK but you get errors for client > certificate? Try using included Makefile (rename old Makefile to > Makefile.old and this one to Makefile). It will create client certificates > signed by the ca certificate. > > Ivan Kalik > Kalik Informatika ISP
Hi Ivan, The makefile you sent me allowd me to generate a correct client.p12 which cleared up the error reported by windows. Thanks very much. So it looks like windows may prefer personal certs signed by the CA rather than the server? I can sucessfully use the client cert with the "Smart Card or other Certificate" options on Windows XP/SP3 (which uses EAP-TLS I believe). However it didn't fix my issue with trying to use a cert and PEAP or TTLS. So I am stumped still on that one. Any other ideas? Thanks for your help! John - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html