(RADIATOR) CA signed certificate for PEAP and TTLS

Mike McCauley mikem at open.com.au
Fri Jan 25 16:48:18 CST 2008


Hi Bob,

On Saturday 26 January 2008 07:29, Bob Shafer wrote:
> I've just spent some time looking at various SSL web server certificates.
>
> It appears to me, and I am no expert on the matter, but all of the
> standard signed certificates from places like Thawte, Comodo, GoDaddy,
> Verisign, etc. have EKUs with Server Authentication
> (1.3.6.1.5.5.7.3.1).  Which I *think* is the OID in question.

Yes, that's the one you want.

>
> In which case nearly any CA signed certificate could work.
>
> In fact, I've got one that is not currently in use.  I'll give it a try
> and see what happens.

OK.
Cheers.

>
> Bob
>
> Mike McCauley wrote:
> > Hello Bob,
> >
> > On Friday 25 January 2008 01:20, Bob Shafer wrote:
> >> Rather than using a self-signed certificate generated by the
> >> mkcertificate.sh script DU would like to use one signed by a Certificate
> >> Authority.  After looking at the code in that script it appears that the
> >> CA must add in the xpextensions to support the MS native supplicant.
> >>
> >> I'm guessing this means that one needs a wireless lan friendly CA.
> >
> > Yes, that's correct.
> > MS (and most other windows) supplicants require that the server cert have
> > the 'Server Authentication' EKU set in it.
> >
> >> My two questions are these:
> >>
> >> It appears that Verisign provides that service for IAS.  Are these
> >> certificates compatible with radiator for use with both PEAP and TTLS?
> >
> > Yes.
> >
> >> Are there any competing CAs that offer this service?
> >
> > I think most CAs do, but it may be hard to find out how to apply :-(
> >
> > Cheers.
> >
> >> Thanks,
> >>
> >> Bob Shafer

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
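
Added example, not part of the original thread or of Radiator: a standard-library Python check for the Server Authentication EKU (1.3.6.1.5.5.7.3.1) discussed above, run on a DER-encoded certificate before it is installed on the RADIUS server. The function names and the sample certificate skeleton are constructed for illustration.

```python
SERVER_AUTH = "1.3.6.1.5.5.7.3.1"  # Server Authentication EKU, the OID quoted in the thread
EKU_EXT = "2.5.29.37"              # id-ce-extKeyUsage (RFC 5280)

def read_tlv(buf, pos):  # -> (tag, value, next_pos) for the DER element starting at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value):
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def oid_text(body):
    arcs, acc = [], 0
    for b in body:  # base-128 digits, high bit set on all but the last octet of each arc
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, acc = arcs + [acc], 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def eku_oids(der):  # OIDs listed in the extKeyUsage extension, or None if it is absent
    stack = list(children(der))
    while stack:
        tag, val = stack.pop()
        kids = list(children(val)) if tag & 0x20 else []  # only constructed elements nest
        if tag == 0x30 and kids and kids[0][0] == 0x06 and oid_text(kids[0][1]) == EKU_EXT:
            _, seq, _ = read_tlv(kids[-1][1], 0)  # extnValue OCTET STRING wraps SEQUENCE OF OID
            return [oid_text(v) for t, v in children(seq) if t == 0x06]
        stack.extend(kids)
    return None

def has_server_auth(der):
    return SERVER_AUTH in (eku_oids(der) or [])

def tlv(tag, *parts):  # tiny encoder for the constructed sample (lengths under 128 only)
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def sample_cert(*eku):  # constructed certificate-shaped skeleton: no real key, name or signature
    ext = tlv(0x30, tlv(0x06, bytes.fromhex("551d25")), tlv(0x04, tlv(0x30, *eku)))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, b"\x01"), tlv(0xA3, tlv(0x30, ext)))
    return tlv(0x30, tbs, tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b"))), tlv(0x03, b"\x00"))

SERVER = tlv(0x06, bytes.fromhex("2b06010505070301"))  # serverAuth
CLIENT = tlv(0x06, bytes.fromhex("2b06010505070302"))  # clientAuth
```

For a PEM file, convert first with ssl.PEM_cert_to_DER_cert() from the standard library and pass the result to has_server_auth(). A certificate with no extKeyUsage extension at all is reported as lacking the EKU, matching the supplicant requirement described in the thread.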

