|
Home > Archive > Radius Server > October 2004 > Certificate expired, help please.
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Certificate expired, help please.
|
|
|
| Hi Guys.
Well we have a 802.1x network here using EAP-TLS authentication. Last
week all our certificates expired and somehow I renewed the
certificate on the server and selected it to auto enrol out to all our
clients. However, the notebooks we have have to be connected with a
LAN cable to recieve the new certificate and when they do we still
have to go into the wireless settings and under the "Validate Server
Certificate" bit we still have to check our CA.
Is there an easy way around this? I had to kind of fudge my way
through it so it's in a little bit of a mess.
Many thanks for your help now and in the past.
Regards,
Owen.
| |
| Sam Salhi [MSFT] 2004-10-15, 9:25 pm |
| Unfortunately, there is no easy way out of this but here's a little idea
that might make it a little bit better
Enable PEAP on the server (with Secure Password (EAP-MSCHAPv2) ) and do the
same on your clients, this will allow them to login without client
certificate. Once the connection is established, run the command GPUPDATE
/FORCE on the command prompt. This will allow your clients to renew/request
new certificates. Next, return to EAP-TLS on server and clients
HTH
PS: PEAP-EAP-MSCHAPv2 and EAP-TLS can coexist on the same server and Access
Points. No additional configuration is needed on the Access points
--
========================================
=====
This posting is provided "AS IS" with no warranties, and confers no
rights.
========================================
=====
"Owen" <schmierer2@shoalhaven.nsw.gov.au> wrote in message
news:4fab3de1.0408182214.1163a577@posting.google.com...
> Hi Guys.
>
> Well we have a 802.1x network here using EAP-TLS authentication. Last
> week all our certificates expired and somehow I renewed the
> certificate on the server and selected it to auto enrol out to all our
> clients. However, the notebooks we have have to be connected with a
> LAN cable to recieve the new certificate and when they do we still
> have to go into the wireless settings and under the "Validate Server
> Certificate" bit we still have to check our CA.
>
> Is there an easy way around this? I had to kind of fudge my way
> through it so it's in a little bit of a mess.
>
> Many thanks for your help now and in the past.
>
> Regards,
> Owen.
|
|
|
|
|