EAP/TLS and "Windows was unable to find a certificate. . ."
From: Paul (anonymous_at_discussions.microsoft.com)
Date: 04/27/04
Date: Tue, 27 Apr 2004 07:33:15 -0700
In a word: Thankyouverymuch.
The solution you suggested worked. I installed the user
cert logged in as a domain user and promptly exported it
using mmc, private keys and all. I then logged in as a local
user, imported the cert and was prompted to choose that
certificate when I enabled 802.1x on the wireless
connection.
I don't quite understand why the certificates are
different, but I'll not split hairs at this point.
Thanks again.
>-----Original Message-----
>Hi, Paul -
>
>I'm not the most high-speed PKI type out there, but it
>appears to me all that needs to happen is the domain
>certificates need to be installed in your local profile's
>certificate store.
>
>Can you download the cert to floppy disk while logged on
>as a domain user and install it as a local user?
>
>If that doesn't do it I won't be much help - I work for
>the federal government and my certificates are smartcard-
>based - I can use them as either a local or domain user.
>Maybe someone a bit brighter than me will have a better
>solution ;-)
>
>Good luck -
>
>>-----Original Message-----
>>I have a tablet PC running XP tablet edition that I am
>>using to set up a small wireless lan. Additionally, I
>>have a Windows 2003 server acting as both a radius server
>>and certificate authority. The tablet is a member of the
>>same domain that the 2003 server is.
>>
>>When I log on to the tablet as domain user BobSmith, I can
>>launch IE, browse to the cert auth, request and install a
>>User cert with no problem. At that point, I can configure
>>the wireless connection for 802.1x "Smart card or other
>>certificate" and my connection is established to the
>>wireless network, "Authentication Succeeded".
>>
>>What I would like to do, however, is not log in to the
>>desktop as a domain user, rather just a user local to the
>>tablet. In doing so, I can browse the cert auth (and
>>authenticate to it via the browser as domain user
>>JohnDoe), request and install a user cert, but the
>>wireless connection fails. Logged in as a local user, I
>>can see the certificate in mmc (under the name of
>>JohnDoe), but the "Validating Identity" phase fails with
>>the error message "Windows was unable to find a
>>certificate to log you on to the network [SSID]" (where
>>SSID is my AP's network name).
>>
>>The radius server (IAS) is configured to authenticate both
>>JohnDoe and BobSmith, but while logged in to the tablet as
>>a local user, neither the AP nor the IAS server get an
>>authentication request. Is it possible to log in as a
>>local user and still use a domain user's certificate for
>>EAP-TLS 802.1x authentication?
>>
>>Thanks.
>
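
Added example, not part of the thread or of either poster's message: a PowerShell check that a logged-on user can run to see what that profile's personal certificate store holds, since the fix above was to get the certificate and its private key into the local user's store. It assumes PowerShell 3.0 or later (not present on the XP tablet in the thread as shipped); the variable names and the choice of properties to report (private key, Client Authentication EKU, validity dates, chain, SAN) are this example's own.

```powershell
# Added example: list certificates in the logged-on user's personal store and
# report the properties relevant to using one as an EAP-TLS client certificate.
# Assumption: PowerShell 3.0+; nothing here comes from the original thread.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$sanOid        = '2.5.29.17'           # Subject Alternative Name extension
$now           = Get-Date

Get-ChildItem -Path Cert:\CurrentUser\My | ForEach-Object {
    $cert = $_

    # EKU: a certificate with no EKU extension is not restricted by purpose.
    $ekuExt = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $ekuOids    = @($ekuExt | ForEach-Object { $_.EnhancedKeyUsages } |
                    ForEach-Object { $_.Value })
    $clientAuth = (-not $ekuExt) -or ($ekuOids -contains $clientAuthOid)

    # SAN: user certificates normally carry the account's UPN here.
    $sanExt  = $cert.Extensions | Where-Object { $_.Oid.Value -eq $sanOid }
    $sanText = if ($sanExt) { $sanExt.Format($false) } else { '(none)' }

    # Chain: can this profile build a path to a trusted root?
    # Revocation is skipped so the check also works while off the network.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($cert)

    [pscustomobject]@{
        Subject        = $cert.Subject
        Issuer         = $cert.Issuer
        Thumbprint     = $cert.Thumbprint
        HasPrivateKey  = $cert.HasPrivateKey   # False: imported without its key
        ClientAuthEku  = $clientAuth
        WithinValidity = ($cert.NotBefore -le $now -and $cert.NotAfter -ge $now)
        ChainBuilds    = $chainOk
        SubjectAltName = $sanText
    }
} | Format-List
```

Running it once as the domain user and once as the local user gives a side-by-side view of what each profile's store contains.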