Solved

Validating Identity - Certificate for Wireless clients to authenticate using PEAP

Posted on 2014-03-17
3
922 Views
Last Modified: 2014-04-04
I have about 15 laptops which used a certificate issued by the Certificate Authority in the domain. However, since the certificate expired about a month ago, these wireless clients now receive an error when attempting to connect to the access points. They simply hang at the point where the it states "validating identity" and they don't connect.

I was told that I need a new certificate. How can I go about connecting these laptops to this encrypted  wireless network?

I can't make any changes as they don't allow them at the moment. But my manager did say to call Verisign and obtain a new certificate.

I am a bit confused about the entire process. I have a simple understanding of digital certs but have not worked with them in a while.

In short, i have a laptop which connected to the AP which is also running RADIUS and then talks to the IAS server.

Please let me know if you need more details from me.

ca cert
validating identity
Many thanks,

t
0
Comment
Question by:tobe1424
3 Comments
 

Author Comment

by:tobe1424
ID: 39935567
I called GoDaddy but they told me they only do SSL / HTML based certs.
0
 
LVL 35

Accepted Solution

by:
Mahesh earned 250 total points
ID: 39936426
When You already having internal Certificate authority, no need to ping GoDaddy

I hope you are having enterprise root certificate authority (AD integrated)

Connect your affected computers \ laptops to wired network and open local computer certificates mmc console and find out expired wireless certificate under personal folder

Right click certificate and click renew
Follow on screen instructions to renew certificates

http://blogs.technet.com/b/networking/archive/2012/05/30/creating-a-secure-802-1x-wireless-infrastructure-using-microsoft-windows.aspx

Mahesh
0
 
LVL 39

Assisted Solution

by:footech
footech earned 250 total points
ID: 39936495
If you have a Certificate Authority in your domain, and all the clients which need to connect to the wireless are domain members, then there's no need to buy a cert from a third party.  If the cert for your CA has expired then you need to renew it.  Then you have to renew the cert (or create a new one) for your RADIUS.  This cert is the one that is presented to clients to prove its identity.
You might check out some of the info here for cert requirements.  It's about NPS but should apply to any RADIUS.
http://technet.microsoft.com/en-us/library/cc731363.aspx

If you do decide to purchase one from a third party CA, be aware that they won't issue certs for domains you don't own, or names that are not valid on the internet (like .local).  You can get a 30-day trial cert from Verisign and many other CAs.
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now