On Fri, Jan 21, 2011 at 10:33 PM, Alan Buxey <a.l.m.bu...@lboro.ac.uk> wrote:

> > 2) Issuing client certs isn't that difficult. with windows vista/7,
> > installing a cert is a simple double-click operation, so if they have a
> > usb flash, you can use linux to zip a copy of their private key and a .doc
> > with instructions (including screenies!) on configuring their OS in a
> > matter of seconds, all they have to do is stop by IT to request a key
> > once, and it's good for as long as you honour it.
>
> if dealing with client keys - most of the times it's just PEAP with user/pass
> and it's the CA that's an issue. even then there are ways of doing this quite
> easily... eg https://su1x.sf.net

I also quite like using the root certificates tool which happily imports
certificates into the root certificate store in Windows.

Go to here: http://support.microsoft.com/kb/931125

Download the "rootsupd.exe"
<http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/rootsupd.exe>
from there and expand it with winzip or winrar.

Then convert your DER file into a P7B using OpenSSL:

    openssl crl2pkcs7 -nocrl -certfile internalca1.der -certfile internalca2.der -out internalca.p7b

Then use "updroots.exe" included in the exe to import the certificate into
your local certificate chain:

    updroots -l internalca.p7b

And you're done.

You can even use "iexpress" if you're running Windows XP to re-package
everything back into a self extracting exe.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
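
A check one might run before handing a P7B to updroots, as an added example that is not part of the original post: it builds the bundle from DER-encoded CA files and confirms it holds exactly the expected SHA-256 fingerprints. It assumes the `openssl` CLI; the function names and the allowlist file are hypothetical, and because `crl2pkcs7 -certfile` reads PEM input, the DER files are converted to PEM first.

```sh
# Added example, not code from the original post. All names are hypothetical.

# der_to_p7b OUT.p7b CA1.der [CA2.der ...]
# crl2pkcs7 -certfile expects PEM, so each DER file is converted before bundling.
der_to_p7b() (
  out=$1; shift
  bundle=$(mktemp) || exit 1
  for der in "$@"; do
    openssl x509 -inform DER -in "$der" >>"$bundle" || { rm -f "$bundle"; exit 1; }
  done
  rc=0
  openssl crl2pkcs7 -nocrl -certfile "$bundle" -out "$out" || rc=$?
  rm -f "$bundle"
  exit "$rc"
)

# der_fingerprint CA.der -> SHA-256 fingerprint of one DER certificate
der_fingerprint() {
  openssl x509 -inform DER -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# p7b_fingerprints FILE.p7b -> sorted SHA-256 fingerprints of every cert inside
p7b_fingerprints() (
  dir=$(mktemp -d) || exit 1
  # Split the -print_certs output into one PEM file per certificate.
  openssl pkcs7 -in "$1" -print_certs |
    awk -v d="$dir" '/BEGIN CERTIFICATE/ { n++ } n { print > (d "/" n ".pem") }'
  for pem in "$dir"/*.pem; do
    [ -e "$pem" ] || continue
    openssl x509 -in "$pem" -noout -fingerprint -sha256 | cut -d= -f2
  done | sort
  rm -rf "$dir"
)

# p7b_matches_allowlist FILE.p7b ALLOWLIST -> exit 0 only if the bundle contains
# exactly the fingerprints listed (one per line) in ALLOWLIST, no more, no fewer.
p7b_matches_allowlist() {
  [ "$(p7b_fingerprints "$1")" = "$(sort "$2")" ]
}

# make_test_ca NAME -> writes NAME.der, a constructed throwaway self-signed cert
make_test_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.pem" 2>/dev/null &&
  openssl x509 -in "$1.pem" -outform DER -out "$1.der"
}
```

The allowlist should come from fingerprints recorded when the internal CAs were created, not from the same files being bundled, so that a swapped or extra root in the P7B is caught before it reaches the trusted store.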