Re: CA Role in 802.1x
- From: "James McIllece [MS]" <jamesmci@xxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 06 Sep 2006 15:21:08 -0700
Andy <Andy@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
news:96A19608-2550-476A-871E-9281EF495C4B@xxxxxxxxxxxxx:

> Hi James,
> Let's say I have EAP-TLS set up correctly and I have only one CA on the
> network. What will happen if the CA goes down or is taken offline? Are
> users able to authenticate and log in to the network?

Yes. The CA is not contacted by IAS while it authenticates and authorizes
connection requests.

IAS does make sure that it trusts the issuer of the certificate, though --
it does this by looking in the Trusted Root Certification Authorities
certificate store for the Local Computer. If there is a CA cert there from
the CA that issued the connecting user or client cert, IAS trusts the cert.
(It also checks other properties of the cert to verify that it is valid and
meets the minimum client certificate requirements).

IAS also periodically queries either the CA or AD (can't recall right now)
for the most recent certificate revocation list (CRL). Info on CRLs is in
Certificate Services Help on the box.
--
James McIllece, Microsoft
Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.
This posting is provided "AS IS" with no warranties, and confers no rights.
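
The local trust check described in the reply above can be approximated on the IAS server without contacting the CA. The following PowerShell is an added example, not part of the original post and not IAS's own code; the function name and the certificate file name are hypothetical, and it assumes PowerShell 5 or later with an exported client certificate available as a file.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Added example (not IAS code): builds the chain for a client certificate
# using only local data and reports whether the chain's last element is in
# the Local Computer "Trusted Root Certification Authorities" store.
function Test-ClientCertLocalTrust {
    param(
        [Parameter(Mandatory)]
        [string]$Path    # exported client certificate, e.g. a .cer file
    )

    $file = (Resolve-Path -LiteralPath $Path).ProviderPath
    $cert = [X509Certificate2]::new($file)

    # $true = use the machine context, as a service on the server would.
    $chain = [X509Chain]::new($true)
    # Offline = consult only CRLs already cached locally; nothing is fetched
    # from the CA or any CRL distribution point during this check.
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::Offline
    $chain.ChainPolicy.RevocationFlag = [X509RevocationFlag]::ExcludeRoot

    $built = $chain.Build($cert)

    # Last element is the root when the chain is complete; with a partial
    # chain it is simply the highest certificate that could be found.
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    $inRootStore = Test-Path -LiteralPath "Cert:\LocalMachine\Root\$($top.Thumbprint)"

    [pscustomobject]@{
        Subject         = $cert.Subject
        Issuer          = $cert.Issuer
        NotAfter        = $cert.NotAfter
        ChainBuilt      = $built
        TopOfChain      = $top.Subject
        TopInLocalRoot  = $inRootStore
        # Empty when the chain is clean; otherwise e.g. UntrustedRoot,
        # NotTimeValid, or RevocationStatusUnknown / OfflineRevocation
        # when no cached CRL is available.
        ChainStatus     = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Hypothetical file name; run on the server whose trust store is in question:
# Test-ClientCertLocalTrust -Path .\client.cer
```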