Solved

Certificate problem for VPN

Posted on 2004-04-28
Last Modified: 2007-12-19
I am using PPTP for VPN connections. This works fine, using normal username/password authentication.
But I want to use PPTP with EAP using certificates to secure VPN connections to our network.
I have set up an internal root CA (Microsoft).
I have put the root CA on client and VPN server.
I have issued a client authentication certificate and installed it on the client.
I have issued a server authentication certificate and installed it on the RRAS (VPN) server.

But when I try to create the connection, I get this error on the client:
"Error 0x80090325: The certificate chain was issued by an untrusted authority."

On the server I get in system log:
"The user XXX connected from 213.224.178.18 but failed an authentication attempt due to the following reason: There was an authentication failure because of an unknown user name or a bad password. "

Any ideas what's wrong?
Question by:Wouterx
8 Comments
 
LVL 23

Expert Comment

by:Tim Holman
ID: 10986927
This problem occurs because the CA certification path is not installed.

To resolve this problem, install the CA Certification Path on both client and server. To do this, select the Retrieve the CA certificate or certificate revocation list from http://CAServerName/certsrv.

http://support.microsoft.com/default.aspx?scid=kb;en-us;q326474
0
 
LVL 3

Author Comment

by:Wouterx
ID: 10988218
Navigating gives this screen:

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Install this CA certification path to allow your computer to trust certificates issued from this certification authority.

It is not necessary to manually install the CA certification path if you request and install a certificate from this certification authority, because the CA certification path will be installed for you automatically.

Choose file to download:    
CA Certificate:  Current [Dekimo CA]
 
 DER encoded  or  Base 64 encoded  
 
 
 Download CA certificate  
 
 Download CA certification path  
 
 Download latest certificate revocation list  

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Where you can click on the first 5 words to install the CA certificate.
I have already done this on client and server. Does not make any difference.

If I download the certification path file or cert. revoc. list specified in the lower part of the screen, I cannot open or install these files. The error is:
"This is an invalid PKCS #7 file"

Is it possible that I misconfigured the CA so that the cert. path. or CRL Distribution points are invalid or unreachable, and this causes the error?
0
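
Error 0x80090325 is SEC_E_UNTRUSTED_ROOT, and the question above about unreachable CRL distribution points can be tested directly. The following PowerShell is an added example, not part of the original thread: it builds the chain for one certificate in machine context with online revocation checking and reports where validation stops. The path `C:\temp\vpn-server.cer` is a placeholder for an exported copy of the certificate under test.

```powershell
# Added example: diagnose chain-trust and revocation problems for one certificate.
# $CertPath is a placeholder; point it at an exported .cer copy of the
# server (or client) authentication certificate being tested.
param([string]$CertPath = 'C:\temp\vpn-server.cer')

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CertPath

# Build the chain in machine context ($true) and fetch CRLs over the network,
# so a missing root and an unreachable CRL show up as distinct statuses.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
$chain.ChainPolicy.RevocationMode = 'Online'
$trusted = $chain.Build($cert)
"Chain trusted: $trusted"

# Per-element status, e.g. UntrustedRoot, PartialChain,
# RevocationStatusUnknown, OfflineRevocation.
foreach ($element in $chain.ChainElements) {
    "  {0}" -f $element.Certificate.Subject
    foreach ($status in $element.ChainElementStatus) {
        "    {0}: {1}" -f $status.Status, $status.StatusInformation.Trim()
    }
}

# Is the top of the chain in the machine-wide Trusted Root store?
# A root imported only into a user's store is not visible to other accounts.
$top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
$inMachineRoot = @(Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $top.Thumbprint }).Count -gt 0
"Top of chain in LocalMachine\Root: $inMachineRoot"

# Print the CRL Distribution Points extension (OID 2.5.29.31) so each URL
# can be checked for reachability from this machine.
$cdp = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
if ($cdp) { $cdp.Format($true) } else { 'No CRL Distribution Points extension present.' }
```

Run it on both the client and the RRAS server, since each side validates the other's certificate. `certutil -verify -urlfetch <file>` performs a similar chain and revocation check from the command line.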
 
LVL 23

Accepted Solution

by:
Tim Holman earned 1000 total points
ID: 10989329
0
 
LVL 23

Expert Comment

by:Tim Holman
ID: 11350828
;)
0
