(RADIATOR) CA signed certificate for PEAP and TTLS
mikem at open.com.au
Fri Jan 25 16:48:18 CST 2008
On Saturday 26 January 2008 07:29, Bob Shafer wrote:
> I've just spent some time looking at various SSL web server certificates.
> It appears to me, and I am no expert on the matter, but all of the
> standard signed certificates from places like Thawte, Comodo, GoDaddy,
> Verisign and etc. have EKU's with Server Authentication
> (220.127.116.11.18.104.22.168.1). Which I *think* is the OID in question.
Yes, thats the one you want.
> If which case nearly any CA signed certificate could work.
> In fact, I've got one that is not currently in use. I'll give it a try
> and see what happens.
> Mike McCauley wrote:
> > Hello Bob,
> > On Friday 25 January 2008 01:20, Bob Shafer wrote:
> >> Rather than using a self-signed certificate generated by the
> >> mkcertificate.sh script DU would like to use one signed by a Certificate
> >> Authority. After looking at the code in that script it appears that the
> >> CA must add in the xpextentions to support the MS native supplicant.
> >> I'm guessing this means that one needs a wireless lan friendly CA.
> > Yes, thats correct.
> > MS (and most other windows) supplicants require that the server cert have
> > the 'Server Authentication' EKU set in it.
> >> My two questions are these:
> >> It appears that Verisign provides that service for IAS. Are these
> >> certificates compatible with radiator for use with both PEAP and TTLS?
> > Yes.
> >> Are there any competing CA's that offer this service?
> > I think most CAs do, but it may be hard to find out how to apply :-(
> > Cheers.
> >> Thanks,
> >> Bob Shafer
Mike McCauley mikem at open.com.au
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator