Solved

Validating Identity - Certificate for Wireless clients to authenticate using PEAP

Posted on 2014-03-17
3
919 Views
Last Modified: 2014-04-04
I have about 15 laptops which used a certificate issued by the Certificate Authority in the domain. However, since the certificate expired about a month ago, these wireless clients now receive an error when attempting to connect to the access points. They simply hang at the point where the it states "validating identity" and they don't connect.

I was told that I need a new certificate. How can I go about connecting these laptops to this encrypted  wireless network?

I can't make any changes as they don't allow them at the moment. But my manager did say to call Verisign and obtain a new certificate.

I am a bit confused about the entire process. I have a simple understanding of digital certs but have not worked with them in a while.

In short, i have a laptop which connected to the AP which is also running RADIUS and then talks to the IAS server.

Please let me know if you need more details from me.

ca cert
validating identity
Many thanks,

t
0
Comment
Question by:tobe1424
3 Comments
 

Author Comment

by:tobe1424
Comment Utility
I called GoDaddy but they told me they only do SSL / HTML based certs.
0
 
LVL 35

Accepted Solution

by:
Mahesh earned 250 total points
Comment Utility
When You already having internal Certificate authority, no need to ping GoDaddy

I hope you are having enterprise root certificate authority (AD integrated)

Connect your affected computers \ laptops to wired network and open local computer certificates mmc console and find out expired wireless certificate under personal folder

Right click certificate and click renew
Follow on screen instructions to renew certificates

http://blogs.technet.com/b/networking/archive/2012/05/30/creating-a-secure-802-1x-wireless-infrastructure-using-microsoft-windows.aspx

Mahesh
0
 
LVL 39

Assisted Solution

by:footech
footech earned 250 total points
Comment Utility
If you have a Certificate Authority in your domain, and all the clients which need to connect to the wireless are domain members, then there's no need to buy a cert from a third party.  If the cert for your CA has expired then you need to renew it.  Then you have to renew the cert (or create a new one) for your RADIUS.  This cert is the one that is presented to clients to prove its identity.
You might check out some of the info here for cert requirements.  It's about NPS but should apply to any RADIUS.
http://technet.microsoft.com/en-us/library/cc731363.aspx

If you do decide to purchase one from a third party CA, be aware that they won't issue certs for domains you don't own, or names that are not valid on the internet (like .local).  You can get a 30-day trial cert from Verisign and many other CAs.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
DECT technology has become a popular standard for wireless voice communication. DECT devices are not likely to be affected by other electronic devices and signals because they operate in a separate frequency-band.
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now