Solved

Validating Identity - Certificate for Wireless clients to authenticate using PEAP

Posted on 2014-03-17
3
929 Views
Last Modified: 2014-04-04
I have about 15 laptops which used a certificate issued by the Certificate Authority in the domain. However, since the certificate expired about a month ago, these wireless clients now receive an error when attempting to connect to the access points. They simply hang at the point where the it states "validating identity" and they don't connect.

I was told that I need a new certificate. How can I go about connecting these laptops to this encrypted  wireless network?

I can't make any changes as they don't allow them at the moment. But my manager did say to call Verisign and obtain a new certificate.

I am a bit confused about the entire process. I have a simple understanding of digital certs but have not worked with them in a while.

In short, i have a laptop which connected to the AP which is also running RADIUS and then talks to the IAS server.

Please let me know if you need more details from me.

ca cert
validating identity
Many thanks,

t
0
Comment
Question by:tobe1424
3 Comments
 

Author Comment

by:tobe1424
ID: 39935567
I called GoDaddy but they told me they only do SSL / HTML based certs.
0
 
LVL 36

Accepted Solution

by:
Mahesh earned 250 total points
ID: 39936426
When You already having internal Certificate authority, no need to ping GoDaddy

I hope you are having enterprise root certificate authority (AD integrated)

Connect your affected computers \ laptops to wired network and open local computer certificates mmc console and find out expired wireless certificate under personal folder

Right click certificate and click renew
Follow on screen instructions to renew certificates

http://blogs.technet.com/b/networking/archive/2012/05/30/creating-a-secure-802-1x-wireless-infrastructure-using-microsoft-windows.aspx

Mahesh
0
 
LVL 40

Assisted Solution

by:footech
footech earned 250 total points
ID: 39936495
If you have a Certificate Authority in your domain, and all the clients which need to connect to the wireless are domain members, then there's no need to buy a cert from a third party.  If the cert for your CA has expired then you need to renew it.  Then you have to renew the cert (or create a new one) for your RADIUS.  This cert is the one that is presented to clients to prove its identity.
You might check out some of the info here for cert requirements.  It's about NPS but should apply to any RADIUS.
http://technet.microsoft.com/en-us/library/cc731363.aspx

If you do decide to purchase one from a third party CA, be aware that they won't issue certs for domains you don't own, or names that are not valid on the internet (like .local).  You can get a 30-day trial cert from Verisign and many other CAs.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

As a financial services provider, your business is impacted by two of the strictest federal regulations on record: the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act. Correctly implementing faxing into your organization to provide secure, real-ti…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question