3.10.31. EAPTLS_PolicyOID

For TLS-based EAP types such as TLS, TTLS, and PEAP, when the client presents a certificate, this optional parameter enables certificate policy checking. It also specifies one or more policy OIDs that must be present in the certificate path. It sets the 'require explicit policy' flag as defined in RFC 3280. This parameter requires the Perl Net::SSLeay module version 1.37 or later.
When multiple EAPTLS_PolicyOID parameters are configured, the peer certificate needs to match only one of the configured OIDs, not all of them.
# Require just one policy
EAPTLS_PolicyOID 1.3.6.1.4.1.9048.33.2
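
Before enabling the parameter, it helps to confirm that client certificates actually assert the policy OID. The following is an added example, not part of the Radiator documentation or code: it uses the openssl command line to run path validation with the explicit-policy flag, on the assumption that this approximates the check described above. The function names, file names, subject names and the second OID are constructed for the demonstration.

```shell
# Added example: does a certificate pass path validation when an explicit
# policy is required and only the listed OIDs are acceptable?
OID_REQUIRED=1.3.6.1.4.1.9048.33.2   # OID from the configuration example above
OID_OTHER=1.3.6.1.4.1.99999.1        # constructed OID that the test certificate lacks

# Build a throwaway CA and a client certificate whose certificatePolicies
# extension asserts OID_REQUIRED. Everything is written under directory $1.
make_test_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-client" \
        -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null || return 1
    printf 'certificatePolicies = %s\n' "$OID_REQUIRED" > "$dir/ext.cnf"
    openssl x509 -req -in "$dir/client.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 1 -extfile "$dir/ext.cnf" \
        -out "$dir/client.pem" 2>/dev/null
}

# check_policy CAFILE CERT OID [OID...]
# Returns 0 when the certificate validates with 'require explicit policy' set
# and at least one of the given OIDs in the acceptable policy set.
check_policy() {
    ca=$1; cert=$2; shift 2
    args=""
    for oid in "$@"; do args="$args -policy $oid"; done
    # $args is intentionally unquoted so each "-policy OID" pair is split.
    openssl verify -policy_check -explicit_policy $args \
        -CAfile "$ca" "$cert" >/dev/null 2>&1
}

# Usage against real files (paths are placeholders):
#   check_policy /path/to/ca.pem /path/to/client.pem 1.3.6.1.4.1.9048.33.2 \
#       && echo "policy satisfied" || echo "policy check failed"
```

Passing several OIDs to check_policy mirrors configuring several EAPTLS_PolicyOID lines: one matching OID is enough for the check to succeed.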