Solved

Validating Identity - Certificate for Wireless clients to authenticate using PEAP

Posted on 2014-03-17
Last Modified: 2014-04-04
I have about 15 laptops which used a certificate issued by the Certificate Authority in the domain. However, since the certificate expired about a month ago, these wireless clients now receive an error when attempting to connect to the access points. They simply hang at the point where it states "validating identity" and they don't connect.

I was told that I need a new certificate. How can I go about connecting these laptops to this encrypted wireless network?

I can't make any changes as they don't allow them at the moment. But my manager did say to call Verisign and obtain a new certificate.

I am a bit confused about the entire process. I have a simple understanding of digital certs but have not worked with them in a while.

In short, I have a laptop which connected to the AP which is also running RADIUS and then talks to the IAS server.

Please let me know if you need more details from me.

Many thanks,

t
Question by:tobe1424
3 Comments
 

Author Comment

by:tobe1424
ID: 39935567
I called GoDaddy but they told me they only do SSL / HTML based certs.

Accepted Solution

by:
Mahesh earned 1000 total points
ID: 39936426
When you already have an internal certificate authority, there is no need to ping GoDaddy.

I hope you have an enterprise root certificate authority (AD integrated).

Connect your affected computers/laptops to the wired network, open the local computer certificates MMC console, and find the expired wireless certificate under the Personal folder.

Right-click the certificate and click Renew.
Follow the on-screen instructions to renew the certificate.

http://blogs.technet.com/b/networking/archive/2012/05/30/creating-a-secure-802-1x-wireless-infrastructure-using-microsoft-windows.aspx

Mahesh

Assisted Solution

by:footech
footech earned 1000 total points
ID: 39936495
If you have a Certificate Authority in your domain, and all the clients which need to connect to the wireless are domain members, then there's no need to buy a cert from a third party.  If the cert for your CA has expired then you need to renew it.  Then you have to renew the cert (or create a new one) for your RADIUS.  This cert is the one that is presented to clients to prove its identity.
You might check out some of the info here for cert requirements.  It's about NPS but should apply to any RADIUS.
http://technet.microsoft.com/en-us/library/cc731363.aspx

If you do decide to purchase one from a third party CA, be aware that they won't issue certs for domains you don't own, or names that are not valid on the internet (like .local).  You can get a 30-day trial cert from Verisign and many other CAs.
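
A read-only check for which link has expired before anything is renewed, as an added example that is not part of either answer: the PowerShell below lists certificates in the local computer Personal store that carry the Server or Client Authentication EKU and walks each chain, so an expired issuing CA shows up separately from an expired RADIUS or client certificate. Skipping revocation checks and the output field names are choices made for this example.

```powershell
# Added example, not from the thread. Run elevated on the IAS/NPS server or on
# an affected laptop; it only reads the local computer certificate store.
$ekuNames = @{
    '1.3.6.1.5.5.7.3.1' = 'Server Authentication'   # needed by the RADIUS server cert
    '1.3.6.1.5.5.7.3.2' = 'Client Authentication'   # needed by a client/machine cert
}
$now = Get-Date

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Collect the EKU OIDs present on this certificate.
    $ekus = @($cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })

    # Keep only certs explicitly marked for server or client authentication.
    $purposes = @($ekus | Where-Object { $ekuNames.ContainsKey($_) } |
        ForEach-Object { $ekuNames[$_] })
    if ($purposes.Count -eq 0) { return }   # acts as "continue" inside ForEach-Object

    # Build the chain up to the root. Revocation is skipped (assumption) so the
    # result reflects validity dates and trust only, even without CRL access.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $trusted = $chain.Build($cert)

    # Name every certificate in the chain whose validity period has ended.
    $expiredLinks = @($chain.ChainElements |
        ForEach-Object { $_.Certificate } |
        Where-Object { $_.NotAfter -lt $now } |
        ForEach-Object { $_.Subject })

    [pscustomobject]@{
        Subject      = $cert.Subject
        Issuer       = $cert.Issuer
        Purposes     = $purposes -join ', '
        NotAfter     = $cert.NotAfter
        DaysLeft     = [int](($cert.NotAfter - $now).TotalDays)
        ChainValid   = $trusted
        ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        ExpiredLinks = $expiredLinks -join '; '
    }
} | Sort-Object NotAfter | Format-List
```

If `ExpiredLinks` names the CA rather than the leaf, the CA certificate has to be renewed first and the RADIUS certificate reissued afterwards, in the order footech describes.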
Question has a verified solution.