At the university of York, we obtain our Comodo SSL certs through UKERNA, the governing body of the UK academic network. I recently obtained one for an ARUBA CLEARPASS server for use in RADIUS authentication. Having installed the certificate with the appropriate intermediate and root CAs I get the following error message:-
There are errors with the server certificate configuration that will prevent devices from provisioning or authenticating:
clearpass.york.ac.uk: ClearPass RADIUS server certificate lacks id-kp-eapOverLAN extended key usage. This will prevent Windows 8.1 clients from authenticating.
The support staff at UKERNA haven’t been able to help with this and suggested I contact Comodo. Do I have to do something in the openssl config file before generating my CSR in order to get the above extended key? Should it be there by default?