RE: OCSP parsing in client certificate

2013-04-22 Thread Beltramini Francesco
31 To: FreeRadius users mailing list Subject: Re: OCSP parsing in client certificate Beltramini Francesco wrote: > Ok I see what you mean. > However, in my first mail I've also specified that: > > openssl x509 -in beltraminif.cer -noout -ocspid -ocsp_uri returns > http://crl.

Re: OCSP parsing in client certificate

2013-04-19 Thread Alan DeKok
Beltramini Francesco wrote: > Ok I see what you mean. > However, in my first mail I've also specified that: > > openssl x509 -in beltraminif.cer -noout -ocspid -ocsp_uri > returns > http://crl.ema.europa.eu/ocsp (which is the correct url) > > Do you know what kind of parsing is radius asking

RE: OCSP parsing in client certificate

2013-04-19 Thread Beltramini Francesco
list Subject: Re: OCSP parsing in client certificate Beltramini Francesco wrote: > Alan: does the change log refer to certificates without the proper extensions > defined ? Because my situation is slightly different, the clients present a > certificate that does contain the OCSP propertie

Re: OCSP parsing in client certificate

2013-04-19 Thread Alan DeKok
Beltramini Francesco wrote: > Alan: does the change log refer to certificates without the proper extensions > defined ? Because my situation is slightly different, the clients present a > certificate that does contain the OCSP properties. See the debug log. OpenSSL doesn't think so. It was

RE: OCSP parsing in client certificate

2013-04-19 Thread Beltramini Francesco
amini=ema.europa...@lists.freeradius.org] On Behalf Of Matthew Newton Sent: 16 April 2013 21:56 To: FreeRadius users mailing list Subject: Re: OCSP parsing in client certificate On Tue, Apr 16, 2013 at 04:30:18PM -0400, Alan DeKok wrote: > Beltramini Francesco wrote: > > but when I try to remov

Re: OCSP parsing in client certificate

2013-04-16 Thread Matthew Newton
On Tue, Apr 16, 2013 at 04:30:18PM -0400, Alan DeKok wrote: > Beltramini Francesco wrote: > > but when I try to remove this feature and use the OCSP > > property extracted from the client certificate, the radiusd -X > > output is: > > > > [tls] --> Starting OCSP Request > > [ocsp] --> Responder UR

Re: OCSP parsing in client certificate

2013-04-16 Thread Alan DeKok
Beltramini Francesco wrote: > I have a small/big issue and I cannot find a good solution for that. > Scenario: > iPhones with certificates from internal PKI, joining a Wi-Fi network > protected by WPA2-Enterprise authenticating against a Freeradius server v. > 2.1.12 (Redhat 6.3). ... > but whe

OCSP parsing in client certificate

2013-04-16 Thread Beltramini Francesco
Dear all, I have a small/big issue and I cannot find a good solution for that. Scenario: iPhones with certificates from internal PKI, joining a Wi-Fi network protected by WPA2-Enterprise authenticating against a Freeradius server v. 2.1.12 (Redhat 6.3). The radius server has as well an interna