Kyle Hamilton wrote:
A server is not allowed to sign certificates unless its certificate
has a CA:TRUE extended attribute, and "key signing" as an extended
usage field.
If it doesn't have those, it's not going to chain properly, no matter
how you've got it set up.
Only a CA can sign end-entity certificates.
-Kyle H
Goetz Babin-Ebell wrote:
Sergio wrote:
| I think so and you're right. Signing a client cert with a server cert is
| inefficient and all my problems would solve itself if radius has ocsp
| support.
The missing support for OCSP is not your problem.
Your problem is the broken c
Goetz Babin-Ebell wrote:
Sergio wrote:
| Hi people,
Hello Sergio,
| client.pem are signed by
| server.pem, and server.pem are signed by ca.pem.
It is a bad bad idea to sign a client certificate with
a server certificate.
Usually server certificates don't have the extensions
Hi people,
I have a problem with the certificate chain. I'm configuring freeradius and
wpa_supplicant using eap-tls protocol. client.pem are signed by
server.pem, and server.pem are signed by ca.pem. I've tried to install
(using ln -s and hash value of cert) ca.pem and server.pem into
/etc/ssl/ce