advanced help with OpenSSL
i am deploying freeradius 2.0.5 on SUSE 10.3, and i use openSSL 0.9.8e.
i intend to use this chain of certifiction with:
1 - CA (self-signed)
2 - Server (signed by the CA cert, normal)
3 - Clients (signed by the Server instead of the CA. There is a good reason of this)
i have already clients certicates signed by the CA and they are ok, when i use them in eap-tls authentication, and authentication won't success when i do eap-peap.
# Certificate requirements when you use EAP-TLS or PEAP with EAP-TLS
I tried mysel to create corrects certificates allowed to sign clients Certificates, but i am a kind of rookie on Linux. windows says for the client cert the folowing:
"This certificate is not valide cause one of the Certifiction Authority in the path of certification sems not to be alowed to de liver certificates, or this certificate cannot be used asfinal entity certificate"
OpenSSL sounds like chinese (or english :rolleyes:) for me, so I need help
All my client will be on windows xp sp2, so i will need these extensions too:
#for the clients certs
extendedKeyUsage = 188.8.131.52.184.108.40.206.2
# For the Servers certs
extendedKeyUsage = 220.127.116.11.18.104.22.168.1
thanx a lot for helping :?