(RADIATOR) SSL certificate for 802.1x PEAP/aironet1100 WLAN

Scott Xiao - ANTlabs scottxiao at antlabs.com
Mon Aug 2 21:59:35 CDT 2004


Hi,
Can any of you recommend one workable Radius(Radiator) server certificate
besides Verisign?I want to buy a cheaper one,use it in  802.1x PEAP WLAN
hotspot.If I use it for domain "hostname.mydomain.com" ,can I use the same
certificate in future if I deploy a same WLAN in another place which will
still use the same domain name?Thanks!
Rgds
Scott Xiao
-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au]On
Behalf Of Terry Simons
Sent: Thursday, July 29, 2004 1:15 PM
To: Christian Wiedmann
Cc: radiator at open.com.au
Subject: Re: (RADIATOR) SSL certificate for 802.1x PEAP/aironet1100 WLAN


Hi,

On Jul 28, 2004, at 1:32 PM, Christian Wiedmann wrote:

> As far as I know, the XP server extension OID is the one that is also
> used for web servers.  Therefore, a web server certificate should work.

This is true.  There is one thing that people should probably be aware
of, however.

At the last Networld + Interop HotStage, we did some extensive testing
with this and it was determined that what should probably happen is to
officially apply for some OIDs for 802.1X authentication servers.  One
of the HotStage members that is involved in the IETF and the IEEE is
pushing that a bit, so it could be the case that a "proper" OID set
will come out in the future.  It could be a ways out, but I personally
hope that it happens so we can have an "official" way of creating
"802.1X authentication" certificates.

- Terry

>
> For what it's worth, I've successfully used a Verisign web server
> certificate
> for PEAP authentication against Windows XP SP1.  I think there's a good
> chance a freessl certificate would work too.
>
> 	-Christian
>
> ref.:
> http://support.microsoft.com/?kbid=814394
> http://www.alvestrand.no/objectid/1.3.6.1.5.5.7.3.1.html
> http://www.ietf.org/rfc/rfc2459.txt
>
> On Wed, 28 Jul 2004, Mike McCauley wrote:
>
>> Date: Wed, 28 Jul 2004 19:35:44 +1000
>> From: Mike McCauley <mikem at open.com.au>
>> To: scottxiao at antlabs.com
>> Cc: Radiator <radiator at open.com.au>
>> Subject: Re: (RADIATOR) SSL certificate for  802.1x PEAP/aironet1100
>> WLAN
>>
>> Hi Scott,
>>
>>
>> On Wednesday 28 July 2004 18:41, Scott Xiao  - ANTlabs wrote:
>>> Hi,Mike,
>>> Thanks, so do you have any suggestion that I can purchase regarding
>>> the
>>> cert for radius server?Verisign?which type?If you have any
>>> recommendation
>>> that it works well on Radiator....Thanks
>>
>> Verisign offer certificates for radius servers, but I dont know the
>> details of
>> how to apply for one. They do work with Radiator. You should try to
>> get it in
>> PEM format.
>>
>> Cheers.
>>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list