I'd like to setup PEAP without using a (server) certificate issued by
Microsoft CA.
I found some help using OpenSSL but it seems that I need to patch it.

Any other info?

Thanks in advance
Mimmus

[ Post a follow-up to this message ]

Solved by myself.

1) On Linux, download http://www.openssl.org/source/openssl-0.9.8a.tar.gz
and untar it
2) cd openssl-0.9.8a
3) Download
http://www.cs.bham.ac.uk/~smp/proje....9.8a-patch.txt
4) patch -p1 < openssl-0.9.8a-patch.txt
5) make
6) make install
7) cd /usr/local/ssl
8) export PATH=/usr/local/ssl/bin:$PATH
9) rm -rf demoCA
10) /usr/local/ssl/misc/CA.pl -newCA
11) cd demoCA
12) openssl x509 -in cacert.pem -outform DER -out cacert.cer
cacert.cer can be imported in Trusted CA, by mmc console (In Computer
Certificates, not Users).

1) Download http://www.cs.bham.ac.uk/~smp/proje...ate-peap-key.sh
2) edit /usr/local/ssl/openssl.cnf:
CONFIG=/usr/local/ssl/openssl.cnf
[ CA_default ]
dir             = /usr/local/ssl/demoCA
and add:
[ sign_ias_csr ]
subjectKeyIdentifier            = hash
authorityKeyIdentifier          = keyid,issuer:always
keyUsage                        = digitalSignature, keyEncipherment
extendedKeyUsage                = clientAuth,serverAuth
3) run create-peap-key.sh
4) cert.p12 can be imported in (Computer) Personal Certificates (not Users)

Reference:
http://www.cs.bham.ac.uk/~smp/projects/peap/

[ Post a follow-up to this message ]