(RADIATOR) Using CA certificate from Windows 2003 Server CA?
Pickett, John
jpickett at acs.utah.edu
Mon Aug 30 09:34:19 CDT 2004
Mike,
Yes, the one we request using the Certificates MMC we can convert
because it contains both private and public key data and we select to
allow export of the private key. The downloaded one does NOT have the
private key in it. At first I was thinking that would be an easy
solution but then I started to think that you wouldn't want to have
private keys floating around and that places like Verisign obviously
aren't going to give you a PEM certificate with both their private and
public keys attached. I technically have access to the CA and could
export it with the private key, but I just can't see why it'd be
required since the public key should be all that's required to validate
the chain (I'd think?). I've also tried converting it using the public
key only options in OpenSSL to no avail.
John Pickett
-----Original Message-----
From: Mike McCauley [mailto:mikem at open.com.au]
Sent: Thursday, August 26, 2004 5:51 PM
To: Pickett, John
Cc: radiator at open.com.au
Subject: Re: (RADIATOR) Using CA certificate from Windows 2003 Server
CA?
Hello John,
On Friday 27 August 2004 07:58, Pickett, John wrote:
> Hello all,
>
> We're trying to setup PEAP w/ MS-CHAPv2 and have it working 100% with
> the demo certificates if we choose not to validate them. We're now
> trying to switch to our own internal certificates generated by Windows
> 2003 CA. I have been able to successfully request a certificate for
the
> Radiator server and convert it to PEM format via OpenSSL. However,
when
> I've downloaded the CA certificate (.cer file) and try to convert it
to
> PEM, I get the following:
So, you can convert the generated on OK, but not the downloaded one?
Does the
downloaded one have a private key in it? Does the generated one have a
private key in it?
Cheers.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list