Re: Installing a signed SSL certificate
One thing to be mindful of with InstantSSL is that they might be using a chained root cert.i.e. GlobalCorp has the CA, signs InstantSSL root as suitable for signing. InstantSSL signs your cert.This is not usually a problem for software like Apache httpd, but can cause problems with less flexible server software. 1. I do not know if InstantSSL is doing this (although I vaguely remember them as providing a certificate like this to someone I know)2. I do not know if FreeRADIUS will have problems using the chained certificate. Cheers,BenOn 12/4/05, Laker Netman <[EMAIL PROTECTED]> wrote: Yes, it's PEAP over wifi with XP supplicants. I willquery the CA as to whether that oid is included.Regards, Laker--- Ben Thompson <[EMAIL PROTECTED]> wrote: > On Fri, 2005-12-02 at 10:03 -0800, Laker Netman> wrote:> > I am considering use of a CA-signed SSL> certificate.> > Comodo (instantssl.com) offers an "Intranet SSL" > > certificate good on a single, internal host. All> of> > their documentation refers to set up with a web> server> > or for email verification. Would it also work with> FR? >> Are you doing PEAP on a wireless network with> Windows clients?>> If so, you need to check that the certificate> includes the> server authentication oid 1.3.6.1.5.5.7.3.1 in the> enhanced usage> section.>> Cheers>> Ben>> -> List info/subscribe/unsubscribe? See> http://www.freeradius.org/list/users.html >__Yahoo! DSL – Something to write home about.Just $16.99/mo. or less.dsl.yahoo.com-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Installing a signed SSL certificate
Yes, it's PEAP over wifi with XP supplicants. I will query the CA as to whether that oid is included. Regards, Laker --- Ben Thompson <[EMAIL PROTECTED]> wrote: > On Fri, 2005-12-02 at 10:03 -0800, Laker Netman > wrote: > > I am considering use of a CA-signed SSL > certificate. > > Comodo (instantssl.com) offers an "Intranet SSL" > > certificate good on a single, internal host. All > of > > their documentation refers to set up with a web > server > > or for email verification. Would it also work with > FR? > > Are you doing PEAP on a wireless network with > Windows clients? > > If so, you need to check that the certificate > includes the > server authentication oid 1.3.6.1.5.5.7.3.1 in the > enhanced usage > section. > > Cheers > > Ben > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > __ Yahoo! DSL Something to write home about. Just $16.99/mo. or less. dsl.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Installing a signed SSL certificate
On Fri, 2005-12-02 at 10:03 -0800, Laker Netman wrote: > I am considering use of a CA-signed SSL certificate. > Comodo (instantssl.com) offers an "Intranet SSL" > certificate good on a single, internal host. All of > their documentation refers to set up with a web server > or for email verification. Would it also work with FR? Are you doing PEAP on a wireless network with Windows clients? If so, you need to check that the certificate includes the server authentication oid 1.3.6.1.5.5.7.3.1 in the enhanced usage section. Cheers Ben - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Installing a signed SSL certificate
I am considering use of a CA-signed SSL certificate. Comodo (instantssl.com) offers an "Intranet SSL" certificate good on a single, internal host. All of their documentation refers to set up with a web server or for email verification. Would it also work with FR? There signed certificates are returned as ".crt" files, is this the same as the cert-srv.pem referenced in the self-signed tutorial? TIA, Laker. __ Start your day with Yahoo! - Make it your home page! http://www.yahoo.com/r/hs - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html