(RADIATOR) CA signed certificate for PEAP and TTLS
Mike McCauley
mikem at open.com.au
Thu Jan 24 16:05:56 CST 2008
Hello Bob,
On Friday 25 January 2008 01:20, Bob Shafer wrote:
> Rather than using a self-signed certificate generated by the
> mkcertificate.sh script DU would like to use one signed by a Certificate
> Authority. After looking at the code in that script it appears that the
> CA must add in the xpextentions to support the MS native supplicant.
>
> I'm guessing this means that one needs a wireless lan friendly CA.
Yes, thats correct.
MS (and most other windows) supplicants require that the server cert have the
'Server Authentication' EKU set in it.
>
> My two questions are these:
>
> It appears that Verisign provides that service for IAS. Are these
> certificates compatible with radiator for use with both PEAP and TTLS?
Yes.
>
> Are there any competing CA's that offer this service?
I think most CAs do, but it may be hard to find out how to apply :-(
Cheers.
>
> Thanks,
>
> Bob Shafer
--
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list