Re: Certificate expired, help please.

From: Sam Salhi [MSFT] (samers_at_online.microsoft.com)
Date: 10/13/04


Date: Tue, 12 Oct 2004 20:23:13 -0700

Unfortunately, there is no easy way out of this, but here's a little idea
that might make it a little bit better.
Enable PEAP on the server (with Secure Password (EAP-MSCHAPv2)) and do the
same on your clients; this will allow them to log in without a client
certificate. Once the connection is established, run the command GPUPDATE
/FORCE on the command prompt. This will allow your clients to renew/request
new certificates. Next, return to EAP-TLS on server and clients.

HTH

PS: PEAP-EAP-MSCHAPv2 and EAP-TLS can coexist on the same server and Access
Points. No additional configuration is needed on the Access Points.

-- 
      =============================================
  This posting is provided "AS IS" with no warranties, and confers no 
rights.
      =============================================
"Owen" <schmierer2@shoalhaven.nsw.gov.au> wrote in message 
news:4fab3de1.0408182214.1163a577@posting.google.com...
> Hi Guys.
>
> Well we have a 802.1x network here using EAP-TLS authentication.  Last
> week all our certificates expired and somehow I renewed the
> certificate on the server and selected it to auto enrol out to all our
> clients.  However, the notebooks we have have to be connected with a
> LAN cable to receive the new certificate and when they do we still
> have to go into the wireless settings and under the "Validate Server
> Certificate" bit we still have to check our CA.
>
> Is there an easy way around this?  I had to kind of fudge my way
> through it so it's in a little bit of a mess.
>
> Many thanks for your help now and in the past.
>
> Regards,
> Owen. 
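
A check a client can run after GPUPDATE /FORCE and before it is switched back to EAP-TLS, so a machine that did not actually enrol a new certificate is not locked out again. This is an added example, not part of the original thread; the function name `Get-EapTlsCandidateCert`, the default store path (computer authentication) and the 30-day threshold are assumptions.

```powershell
# Added example (not from the original thread).
# Run on a client after GPUPDATE /FORCE, before switching it back to EAP-TLS.
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU

function Get-EapTlsCandidateCert {   # hypothetical helper name
    param(
        # Assumption: computer authentication. Use Cert:\CurrentUser\My for user authentication.
        [string]$StorePath = 'Cert:\LocalMachine\My',
        # Assumption: minimum remaining validity that counts as "renewed".
        [int]$MinDaysLeft = 30
    )
    $now = Get-Date
    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Find the Enhanced Key Usage extension, if the certificate has one.
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        $hasClientAuth = $false
        if ($eku) {
            $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
            $hasClientAuth = $oids -contains $ClientAuthOid
        }
        $daysLeft = [int][math]::Floor(($cert.NotAfter - $now).TotalDays)
        [pscustomobject]@{
            Subject       = $cert.Subject
            Issuer        = $cert.Issuer
            Thumbprint    = $cert.Thumbprint
            NotAfter      = $cert.NotAfter
            DaysLeft      = $daysLeft
            ClientAuthEku = $hasClientAuth
            HasPrivateKey = $cert.HasPrivateKey
            # Usable = already valid, not close to expiry, has the EKU and a private key.
            Usable        = $hasClientAuth -and $cert.HasPrivateKey -and
                            ($cert.NotBefore -le $now) -and ($daysLeft -ge $MinDaysLeft)
        }
    }
}

$results = @(Get-EapTlsCandidateCert)
$results | Sort-Object NotAfter |
    Format-Table Subject, NotAfter, DaysLeft, ClientAuthEku, HasPrivateKey, Usable -AutoSize

if (-not ($results | Where-Object { $_.Usable })) {
    Write-Warning 'No usable client-authentication certificate found; keep PEAP enabled on this client.'
    exit 1
}
```

A non-zero exit code means the client should stay on PEAP until enrolment succeeds; the script only reads the certificate store and changes nothing.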

