• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 994
  • Last Modified:

Validating Identity - Certificate for Wireless clients to authenticate using PEAP

I have about 15 laptops which used a certificate issued by the Certificate Authority in the domain. However, since the certificate expired about a month ago, these wireless clients now receive an error when attempting to connect to the access points. They simply hang at the point where the it states "validating identity" and they don't connect.

I was told that I need a new certificate. How can I go about connecting these laptops to this encrypted  wireless network?

I can't make any changes as they don't allow them at the moment. But my manager did say to call Verisign and obtain a new certificate.

I am a bit confused about the entire process. I have a simple understanding of digital certs but have not worked with them in a while.

In short, i have a laptop which connected to the AP which is also running RADIUS and then talks to the IAS server.

Please let me know if you need more details from me.

ca cert
validating identity
Many thanks,

t
0
tobe1424
Asked:
tobe1424
2 Solutions
 
tobe1424Author Commented:
I called GoDaddy but they told me they only do SSL / HTML based certs.
0
 
MaheshArchitectCommented:
When You already having internal Certificate authority, no need to ping GoDaddy

I hope you are having enterprise root certificate authority (AD integrated)

Connect your affected computers \ laptops to wired network and open local computer certificates mmc console and find out expired wireless certificate under personal folder

Right click certificate and click renew
Follow on screen instructions to renew certificates

http://blogs.technet.com/b/networking/archive/2012/05/30/creating-a-secure-802-1x-wireless-infrastructure-using-microsoft-windows.aspx

Mahesh
0
 
footechCommented:
If you have a Certificate Authority in your domain, and all the clients which need to connect to the wireless are domain members, then there's no need to buy a cert from a third party.  If the cert for your CA has expired then you need to renew it.  Then you have to renew the cert (or create a new one) for your RADIUS.  This cert is the one that is presented to clients to prove its identity.
You might check out some of the info here for cert requirements.  It's about NPS but should apply to any RADIUS.
http://technet.microsoft.com/en-us/library/cc731363.aspx

If you do decide to purchase one from a third party CA, be aware that they won't issue certs for domains you don't own, or names that are not valid on the internet (like .local).  You can get a 30-day trial cert from Verisign and many other CAs.
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now