First let me admit, I am not very good with certs.
I am trying to get wireless networks to authenticate by Active Directory via an external RADIUS (Cisco ACS v5.1). The entire process works with the exception of the “Validate Certificate” setting in the wireless client. My logical topology is attached.
Basically I have Win 7 and Win XP clients that connect to a lightweight access point that is managed by a Cisco 4402 Wireless Controller (WLC). The wireless controller has an SSID “XYZ” that is configured to [WPA + WPA2(AES)][Auth(802.1X)]. And this in turn talks to a Cisco ACS v5.1 (latest ver), and that talks LDAP to Active Directory, matching the dial-in attribute and membership in a specific security group.
If I uncheck “Validate Certificate” everything works great, so that tells me the logical process is good.
So, the certs: there is a Verisign cert on the Cisco ACS that is in charge of the EAP. I took that cert and exported its private keys and put them in the “Default Domain” GPO under machine account > windows settings > security settings > public key policies > trusted root certification authorities. And I think this is where my confusion is; as I understand it, that should be the cert the clients import as part of their GPO, but it simply doesn’t work.
I’m confused as to which support to call first; I’m a bit lost. Any help is greatly appreciated.
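For anyone debugging the same "Validate Certificate" failure, here is a client-side check script, added as an example and not part of the original post or of any Cisco/Microsoft tooling. It assumes the ACS server certificate (public part only, no private key) has been saved on the Windows client as C:\temp\acs-server.cer and that the wireless profile is named "XYZ"; both are assumptions. When the client validates the server certificate it builds a chain from the RADIUS server's certificate up to a root in the machine's Trusted Root Certification Authorities store, so the script reports which root that is, whether the chain builds, whether the server certificate carries the Server Authentication EKU, and whether anything in the root store carries a private key (the root store is meant to hold CA certificates only).

```powershell
# Added example (not from the original post). Run from an elevated PowerShell prompt
# on one of the Windows clients.
$ServerCertPath = 'C:\temp\acs-server.cer'   # assumed path to the exported ACS server cert (public part)
$ProfileName    = 'XYZ'                      # SSID / wireless profile name from the post

# 1. Anything in the Trusted Root store that carries a private key is a sign that the wrong
#    object (a PFX with the key) was pushed instead of the CA's public certificate.
Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.HasPrivateKey } |
    ForEach-Object { Write-Warning "Root store entry with a private key: $($_.Subject) [$($_.Thumbprint)]" }

# 2. Build the chain for the RADIUS server certificate exactly as the supplicant would.
$serverCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $ServerCertPath
$chain      = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # keep the check offline; revocation is not the question here
$chainOk = $chain.Build($serverCert)

"Server cert subject : $($serverCert.Subject)"
"Server cert issuer  : $($serverCert.Issuer)"
"Chain builds        : $chainOk"
if (-not $chainOk) {
    $chain.ChainStatus | ForEach-Object { Write-Warning "Chain problem: $($_.Status) - $($_.StatusInformation)" }
}

# The last element of the chain is the root the clients must trust. That certificate (public
# part only) is what belongs under Trusted Root Certification Authorities in the GPO.
$root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
"Root CA for this chain: $($root.Subject) [$($root.Thumbprint)]"
$rootTrusted = (Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.Thumbprint -eq $root.Thumbprint }) -ne $null
"Root present in LocalMachine\Root: $rootTrusted"

# 3. PEAP/EAP server certificates need the Server Authentication EKU (OID 1.3.6.1.5.5.7.3.1).
$ekuExt = $serverCert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
$hasServerAuth = $false
if ($ekuExt) {
    $hasServerAuth = ($ekuExt.EnhancedKeyUsages | Where-Object { $_.Value -eq '1.3.6.1.5.5.7.3.1' }) -ne $null
}
"Server Authentication EKU present: $hasServerAuth"

# 4. Show the profile's own server-validation settings (trusted root, server name match) so they
#    can be compared against the root and subject printed above.
netsh wlan show profile name="$ProfileName"
```

If step 2 prints a root whose thumbprint is not present in LocalMachine\Root, the client cannot validate the server no matter what else is configured; that root's public certificate is the object to distribute through the GPO. Step 4 lists the trusted root CAs the profile itself is pinned to, which must include the same root.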