phantomdan2005
asked on
Certificate Disappears in 2008 - used for client authentication
Ok, on our network for our HP ProCurve Wireless, we have a RADIUS Server that handles the authentication automatically. However, everyday, not at the same time, the one certficate just disapears off the server. When this happens, no one can connect to the wlan. To fix this problem everyday I need to:
- RDP into the certificate server, which is our domain controller
- start, run, mmc
- file, add/remove snap-in
- Certificates, add
- Computer account, local computer
- Right click Personal, all tasks, request new certificate
- next, ad enrollment policy, next, select domain controller, enroll.
- restart CNG Key Isolation Service.
Once this is done, people can authenticate.
I have attached a picture of the cert that keeps disappearing. As you can see, I just had to issue a new one today, 9/6.
Can anyone help with fixing this cert issue so I do not have to request a new one each day, sometimes twice a day?
- RDP into the certificate server, which is our domain controller
- start, run, mmc
- file, add/remove snap-in
- Certificates, add
- Computer account, local computer
- Right click Personal, all tasks, request new certificate
- next, ad enrollment policy, next, select domain controller, enroll.
- restart CNG Key Isolation Service.
Once this is done, people can authenticate.
I have attached a picture of the cert that keeps disappearing. As you can see, I just had to issue a new one today, 9/6.
Can anyone help with fixing this cert issue so I do not have to request a new one each day, sometimes twice a day?
ASKER
No, this domain controller is the only one that controls the certs.
Hello,
This usually hapens because the server the certificate is installed on can't contact the Certificate Revocation List. In the certificates MMC, open the certificate and go to the details page. Find the CRL Distribution Points field. Make sure the URL in this field is valid and can be accessed from this server. If you are using an internal CA, which it appears you are, make sure it is setup correctly and that you are properly publishing the CRL.
JJ
This usually hapens because the server the certificate is installed on can't contact the Certificate Revocation List. In the certificates MMC, open the certificate and go to the details page. Find the CRL Distribution Points field. Make sure the URL in this field is valid and can be accessed from this server. If you are using an internal CA, which it appears you are, make sure it is setup correctly and that you are properly publishing the CRL.
JJ
ASKER
What specific information are you looking for when you ask for how it is setup? I am not too familiar with certificate services, and I did not setup this. I just joined the company so things were in place before I got here.
First, check the certificate and make sure the CRL Distribution Points field looks valid and is accessible form the server.
JJ
JJ
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I fixed my own issue.
There must be something wrong with the PKI. Could you give us more information how it is setup, please?