Re: Adding certificate to list of PEAP certificates



Since I first posted my message, I have found that my CA was set up for "All
Purposes", and thus could not be used in IAS (IAS apparently requires that
"Client Authentication" be explicitly mentioned as a purpose). Once I changed
that, I could use it in IAS. However, I got an error in the event log (Event
ID 20168: Could not retrieve the Remote Access Server's certificate due to
the following error: The credentials supplied to the package were not
recognized.).

I cannot seem to get your URL to work.

Yes, I am using PEAP-TLS or EAP-TLS.

The certificate used for IAS was actually our website certificate. Its root
was an Equifax certificate. The certificate for creating computer
certificates was self-signed.

Even though I have come up with my own solution for the original issue, I
would still like to read the information in your link. Could you double-check
it for me and send me an updated/corrected one?

Thanks,
Nathan J

"James McIllece [MS]" wrote:

=?Utf-8?B?TmF0aGFuIEo=?= <Nathan J@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
news:A2AEA568-1F24-4C51-B803-E3A483310F85@xxxxxxxxxxxxx:

I am trying to enable radius authentication for computers over our
wireless network. The problem that I run into is: the CA certificate
that creates the client computer's certificate is different than the
certificate used to validate the wireless connection. As a result, I
get a "Windows was unable to find a certificate to log you on to the
network [[ssid]]" error message on the client machine. When I look on
the server at the list of PEAP certificates to use under
Authentication in my default remote access policy, the CA certificate
that I want is not there. How can I add it to that list? Or,
alternatively, how do I change which certificate is used when a client
computer is joined to the domain?

Thanks,
Nathan

Hi Nathan --

Please see the Help topic "Network access authentication and certificates"
in Windows Server 2003 IAS or VPN Help, or on the web at
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/9d8b61c9-a870-4627-a8f2-148625fd7fba.mspx

This topic explains the minimum server and client certificate requirements
in detail.

It sounds like you are trying to use PEAP-TLS or EAP-TLS with wireless, is
that the case?

I don't understand this comment: the CA certificate
that creates the client computer's certificate is different than the
certificate used to validate the wireless connection.

Can you elaborate? Do you mean that the CA that issues the client computer
cert is different than the CA used to issue the IAS server certificate?

The client and server certs both must be issued by a CA that leads to the
same root CA.



--
James McIllece, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

This posting is provided "AS IS" with no warranties, and confers no rights.
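
A way to check the two properties this thread turns on, which purposes a certificate lists explicitly and which root CA its chain leads to, for every certificate in the server's computer store. This is an added example, not part of the original posts; it assumes a Windows host with PowerShell 3.0 or later, and the output column names are chosen here for illustration.

```powershell
# Added example: inspect certificates in the local computer's Personal store.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Enhanced Key Usage extension. If it is absent, the certificate
    # does not list any purpose explicitly.
    $ekuExt = $cert.Extensions | Where-Object { $_ -is $ekuType }
    $ekus = @()
    if ($ekuExt) {
        $ekus = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
    }

    # Build the chain locally (no revocation lookups) to see which root
    # the certificate leads to.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($cert)
    $root = $null
    if ($chain.ChainElements.Count -gt 0) {
        $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    }

    [pscustomobject]@{
        Subject        = $cert.Subject
        Thumbprint     = $cert.Thumbprint
        ExplicitEku    = [bool]$ekuExt
        ClientAuth     = $ekus -contains $clientAuthOid
        ServerAuth     = $ekus -contains $serverAuthOid
        ChainBuilds    = $chainOk
        RootSubject    = if ($root) { $root.Subject } else { '' }
        RootThumbprint = if ($root) { $root.Thumbprint } else { '' }
    }
} | Format-List
```

Running the same loop against a client computer's store and comparing `RootThumbprint` values shows whether the client and server certificates lead to the same root CA.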
