RADIUS server Certificate for PEAP

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

RADIUS server Certificate for PEAP

B Thompson
Hi

I am looking for some advice on digital certificates and would be
grateful if any members of this list may be able to help me.

I would like to get a digital certificate installed on my Linux
FreeRADIUS server which has been signed by a trusted commercial CA (not
self signed) and includes the extended key usage server authentication
attribute (1.3.6.1.5.5.7.3.1) as required by Microsoft PEAP clients.

So far I have only found one vendor who market such a product and that
is Verisign with their WLAN Server Certificate. Unfortunately this can
only be obtained using their online purchase system which must be run
from Internet Explorer on the target machine so that the Microsoft
Xenroll protocol can automate the process.

What I would like to know is : are there any other commercial CA's who
can offer me a certificate with the required Extended Key usage entries?
and if not would it be an option to set up a dummy Windows server with
the same hostname as my linux server and use this to download the
certificate and somehow extract it (and convert if necesarry with
openssl) to the linux box?

Thanks

Ben Thompson

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]