(RADIATOR) SSL certificate for 802.1x PEAP/aironet1100 WLAN

Terry Simons galimore at mac.com
Mon Aug 2 22:44:31 CDT 2004


Hi Scott,

You *can* reuse a server certificate in another location later.

The domain name has no real significance, except that you need to 
verify it on the client to ensure that your clients are secure.  The 
domain can be whatever you like, and can exist on multiple servers... 
there is no inherent tie to any given server.

That said, it is probably *not* a good idea to reuse certificates in a 
production environment, but it does work.

Is the main reason why you are purchasing certificates to ensure that 
the client has a pre-installed CA certificate that will verify your 
certificate, or for some other reason?

If your main concern is the cost, you should probably consider rolling 
your own certificates.

- Terry

On Aug 2, 2004, at 8:59 PM, Scott Xiao - ANTlabs wrote:

>
> Hi,
> Can any of you recommend one workable Radius(Radiator) server 
> certificate
> besides Verisign?I want to buy a cheaper one,use it in  802.1x PEAP 
> WLAN
> hotspot.If I use it for domain "hostname.mydomain.com" ,can I use the 
> same
> certificate in future if I deploy a same WLAN in another place which 
> will
> still use the same domain name?Thanks!
> Rgds
> Scott Xiao
> -----Original Message-----
> From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au]On
> Behalf Of Terry Simons
> Sent: Thursday, July 29, 2004 1:15 PM
> To: Christian Wiedmann
> Cc: radiator at open.com.au
> Subject: Re: (RADIATOR) SSL certificate for 802.1x PEAP/aironet1100 
> WLAN
>
>
> Hi,
>
> On Jul 28, 2004, at 1:32 PM, Christian Wiedmann wrote:
>
>> As far as I know, the XP server extension OID is the one that is also
>> used for web servers.  Therefore, a web server certificate should 
>> work.
>
> This is true.  There is one thing that people should probably be aware
> of, however.
>
> At the last Networld + Interop HotStage, we did some extensive testing
> with this and it was determined that what should probably happen is to
> officially apply for some OIDs for 802.1X authentication servers.  One
> of the HotStage members that is involved in the IETF and the IEEE is
> pushing that a bit, so it could be the case that a "proper" OID set
> will come out in the future.  It could be a ways out, but I personally
> hope that it happens so we can have an "official" way of creating
> "802.1X authentication" certificates.
>
> - Terry
>
>>
>> For what it's worth, I've successfully used a Verisign web server
>> certificate
>> for PEAP authentication against Windows XP SP1.  I think there's a 
>> good
>> chance a freessl certificate would work too.
>>
>> 	-Christian
>>
>> ref.:
>> http://support.microsoft.com/?kbid=814394
>> http://www.alvestrand.no/objectid/1.3.6.1.5.5.7.3.1.html
>> http://www.ietf.org/rfc/rfc2459.txt
>>
>> On Wed, 28 Jul 2004, Mike McCauley wrote:
>>
>>> Date: Wed, 28 Jul 2004 19:35:44 +1000
>>> From: Mike McCauley <mikem at open.com.au>
>>> To: scottxiao at antlabs.com
>>> Cc: Radiator <radiator at open.com.au>
>>> Subject: Re: (RADIATOR) SSL certificate for  802.1x PEAP/aironet1100
>>> WLAN
>>>
>>> Hi Scott,
>>>
>>>
>>> On Wednesday 28 July 2004 18:41, Scott Xiao  - ANTlabs wrote:
>>>> Hi,Mike,
>>>> Thanks, so do you have any suggestion that I can purchase regarding
>>>> the
>>>> cert for radius server?Verisign?which type?If you have any
>>>> recommendation
>>>> that it works well on Radiator....Thanks
>>>
>>> Verisign offer certificates for radius servers, but I dont know the
>>> details of
>>> how to apply for one. They do work with Radiator. You should try to
>>> get it in
>>> PEM format.
>>>
>>> Cheers.
>>>
>>
>> --
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list