Hello Bilal.
On Friday 19 November 2004 09:02, Bilal Shahid wrote:
> I am using FreeRADIUS to authenticate the XSupplicant using EAP-TLS. The
> certificates are being generated using the script CA.all. For the Server
> certificate, the TLS Web Server OID used is 1.3.6.1.5.5.7.3.1.
> Now what the FreeRADIUS Server is actually sending out to the Client
> (XSupplicant) (as seen from the Access Challenge packet dump while running
> the FreeRADIUS Server in the debug mode) is the following byte sequence:
> 0x08 2b 06 01 05 05 07 03 01
> as opposed to
> 0x01 03 06 01 05 05 07 03 01

Have you checked the certificate for errors? I've been using this EKU
without problems with freeradius. AFAIK freeradius is not processing
the certificates, but the openssl code is.

In openssl.cnf you need:

    [ eku ]
    extendedKeyUsage = 1.3.6.1.5.5.7.3.1

And when you sign a certificate request (I use openssl directly):

    openssl ca -extensions eku ...

Check the certificate with:

    # openssl x509 -in krkotnik.arnes.si_cert.pem -noout -text
    [...]
            X509v3 extensions:
                X509v3 Extended Key Usage:
                    TLS Web Server Authentication
    [...]

--
Best regards,
Rok Pape.
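
The byte sequence quoted in the question can be checked against the DER encoding rules for an OBJECT IDENTIFIER (X.690), where the first two arcs are packed into one octet (40*1 + 3 = 0x2b) and a length octet precedes the content. The sketch below is an added example, not part of the original thread and not FreeRADIUS or OpenSSL code; the function names are hypothetical.

```python
# Added example: DER encoding/decoding of an OBJECT IDENTIFIER (tag 0x06).

def _base128(n: int) -> bytes:
    """Encode one arc in base 128; every octet but the last has bit 8 set."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    return bytes(reversed(out))

def encode_oid(dotted: str) -> bytes:
    """Return tag + length + content octets (short-form length only)."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID: " + dotted)
    content = _base128(40 * arcs[0] + arcs[1])  # first two arcs share a subidentifier
    for arc in arcs[2:]:
        content += _base128(arc)
    if len(content) > 127:
        raise ValueError("long-form length not handled in this example")
    return bytes([0x06, len(content)]) + content

def decode_oid_content(content: bytes) -> str:
    """Decode OID content octets (without tag and length) to dotted form."""
    if not content or content[-1] & 0x80:
        raise ValueError("truncated OID content")
    values, cur = [], 0
    for octet in content:
        cur = (cur << 7) | (octet & 0x7F)
        if not octet & 0x80:        # last octet of this subidentifier
            values.append(cur)
            cur = 0
    first = min(values[0] // 40, 2)
    arcs = [first, values[0] - 40 * first] + values[1:]
    return ".".join(str(a) for a in arcs)

def explain_dump(dump: bytes) -> str:
    """Treat dump as <length octet><content>, as in the packet bytes quoted above."""
    length, content = dump[0], dump[1:]
    if length != len(content):
        raise ValueError("length octet does not match content size")
    return decode_oid_content(content)

# Bytes copied from the question (length octet followed by content octets).
OBSERVED = bytes.fromhex("08 2b 06 01 05 05 07 03 01")

if __name__ == "__main__":
    print(encode_oid("1.3.6.1.5.5.7.3.1").hex(" "))
    print(explain_dump(OBSERVED))
```

The observed bytes decode to 1.3.6.1.5.5.7.3.1, so the dump matches the configured EKU; the leading 0x08 is the length, not part of the OID.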