Hi, Jason (and other people interested in the secret world of M$-"implementations")
Had some experiences with M$-certificate authorities. We provided a root cert to a M$-Certificate server, which led to some problems. Hey, Vadim, it may be a less than perfect idea to let M$ do the support. In my case they took about a month to provide the needed hints and they were provided in form of MS-API stuff. The solution, nevertheless was easy, and mavbe it helps you: 1) It definitely needed crlDistributionPoints and authorityInfoAccess and, most important, when creating the pkcs#12: use the -keysig option! Hope this helps. (If you need any "whys" I could provide you with some correspondence) Best regards, Michael Am 2002-11-18 5:10 Uhr schrieb "Jason Haar" unter <[EMAIL PROTECTED]>: > [Bit cheeky asking in the FreeRADIUS group :-)] > > Can anyone tell me the magic extensions I need to add to make OpenSSL make > client/server certs that will make Microsoft Internet Access Server (RADIUS > Server) do EAP-TLS? As usual, M$ appear to have made IAS only accept certs > generated by M$ Certificating Authority Server, and we're using OpenSSL... > > And no - FreeRADIUS would currently not be an option anywhere else in the > company except where I am :-) > > Thanks! -- ************************************************************************ Karl-Michael Werzowa A-1190 Wien, Paradisgasse 28/4/6 +43 (664)302 4511, fax +43 (1)328 1992 14 [EMAIL PROTECTED], [EMAIL PROTECTED] ************************************************************************ ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]