gacus

Certificate warning when connecting to a 802.1x wireless network

I purchased a certificate from DigiCert to use for our 802.1X wireless network. I have set up a Server 2012 R2 NPS and added the cert to the server, but both my Windows and my OS X clients still display a message to accept the certificate. I have checked the cert store on the Windows clients and the DigiCert root CA cert is there, as it is included on all Windows clients with recent updates installed.



I have tested this on OSX Lion and Windows 8.1.  I am about to test it on a Windows 7 machine as well.

I needed to use a public CA certificate because we are a college campus and we have students who bring their own devices that I don't have control over, so I can't use Group Policies to push our MS certificate to them.

This seems like it should just work with the public CA cert.  Any ideas why it isn't just trusting the certificate?  I have also been trying to find some logs to determine where it denies the certificate but I don't see anything for that.
Louie

Can you screenshot what they see?
gacus

ASKER

Here are the screenshots
gacus

ASKER

Here is a client showing the DigiCert in the trusted root store.

Try to run the Digicert cert checker on your IAS server to check the intermediate certs?

http://www.digicert.com/help/
This is actually an issue with MS' implementation of 802.1x and Certificate Trusts.  It's not a limitation of 802.1x - it's doing what it should do.

There are lots of 'fixes' suggested by Microsoft and other vendors such as using Intel PROSet tools to manage the wireless connection on the device, or importing the certificate into the NTAuth store (as you already discovered) but there's probably nothing you can do if you don't manage the devices.

gacus

ASKER

craigbeck and I were saying basically the same thing, but craigbeck's wording went into much better detail.