(RADIATOR) Using CA certificate from Windows 2003 Server CA?

Mike McCauley mikem at open.com.au
Mon Aug 30 16:06:12 CDT 2004


Hello John,


On Tuesday 31 August 2004 00:34, Pickett, John wrote:
> Mike,
>
> Yes, the one we request using the Certificates MMC we can convert
> because it contains both private and public key data and we select to
> allow export of the private key.  The downloaded one does NOT have the
> private key in it.  At first I was thinking that would be an easy
> solution but then I started to think that you wouldn't want to have
> private keys floating around and that places like Verisign obviously
> aren't going to give you a PEM certificate with both their private and
> public keys attached.  I technically have access to the CA and could
> export it with the private key, but I just can't see why it'd be
> required since the public key should be all that's required to validate
> the chain (I'd think?).  I've also tried converting it using the public
> key only options in OpenSSL to no avail.

OK, I understand. If you want to send the one without the private key to me 
(only), I can try to convert it for you.

You are right that it would be bad to make files containing private keys 
available to all and sundry. The private key has to be kept private and 
secret. The certificate (without private key) can supposedly be made 
available to anybody without compromising security.

Cheers.

>
> John Pickett
>
> -----Original Message-----
> From: Mike McCauley [mailto:mikem at open.com.au]
> Sent: Thursday, August 26, 2004 5:51 PM
> To: Pickett, John
> Cc: radiator at open.com.au
> Subject: Re: (RADIATOR) Using CA certificate from Windows 2003 Server
> CA?
>
> Hello John,
>
> On Friday 27 August 2004 07:58, Pickett, John wrote:
> > Hello all,
> >
> > We're trying to set up PEAP w/ MS-CHAPv2 and have it working 100% with
> > the demo certificates if we choose not to validate them.  We're now
> > trying to switch to our own internal certificates generated by Windows
> > 2003 CA.  I have been able to successfully request a certificate for the
> > Radiator server and convert it to PEM format via OpenSSL.  However, when
> > I've downloaded the CA certificate (.cer file) and try to convert it to
> > PEM, I get the following:
>
> So, you can convert the generated one OK, but not the downloaded one?
> Does the downloaded one have a private key in it? Does the generated one
> have a private key in it?
>
> Cheers.
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.
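
Added example, not part of the original messages: the thread's point that the CA certificate alone, without any private key, is enough to validate the chain, written as shell functions around the OpenSSL command line. The function names and the file paths passed to them are assumptions, and only PEM- and DER-encoded .cer files are handled.

```sh
#!/bin/sh
# Added example; file names are whatever the caller passes in (placeholders).

# Print PEM or DER depending on how the certificate file is encoded.
cert_encoding() {
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        echo PEM
    elif openssl x509 -in "$1" -inform DER -noout 2>/dev/null; then
        echo DER
    else
        echo UNKNOWN
    fi
}

# Succeed if the file carries a PEM-encoded private key of any type.
has_private_key() {
    grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1"
}

# Convert a downloaded CA certificate to a PEM file holding the certificate only.
ca_to_pem() {
    ca_src=$1
    ca_dst=$2
    ca_enc=$(cert_encoding "$ca_src")
    if [ "$ca_enc" = UNKNOWN ]; then
        echo "$ca_src: not a PEM or DER X.509 certificate" >&2
        return 1
    fi
    # openssl x509 writes only the certificate, never key material.
    openssl x509 -in "$ca_src" -inform "$ca_enc" -out "$ca_dst" -outform PEM
}

# Succeed if the certificate is marked as a CA (basicConstraints CA:TRUE).
is_ca_cert() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# Validate a server certificate using the CA certificate alone.
# Refuses a CA file that has a private key bundled into it.
verify_with_ca() {
    if has_private_key "$1"; then
        echo "$1: contains a private key, do not distribute" >&2
        return 1
    fi
    openssl verify -CAfile "$1" "$2" >/dev/null
}
```

Typical use is `ca_to_pem downloaded.cer ca.pem` followed by `verify_with_ca ca.pem server.pem`, where both file names stand in for your own.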
