Client is trusting a root CA that did not issue server certificate

Dec 2nd, 2008

Hi all, I am having a strange problem I cannot explain. I am deploying EAP-TLS in our internal wireless network. I use the Windows 2003 server certificate service as the root CA. When I first installed the service, I chose "Root-CA" as the root CA name. Later I learned that in order to support SCEP, I cannot have a non-alphanumeric root CA name, so I uninstalled the service, reinstalled it, and re-created the root CA with the name "RootCA".

When XP clients do certificate web enrollment and install the certificate, I see three CAs listed under trusted root CAs: "RootCA", "RootCA" and "Root-CA", each created at a different time.

IAS's certificate is issued by "RootCA".

Now when "RootCA" is trusted on the client, I cannot get EAP-TLS to work; Windows IAS complains: "Unexpected error, Possible error in server or client configuration". But if the client trusts "Root-CA", then authentication passes. Why is that? The IAS RADIUS server's certificate is issued by "RootCA", not "Root-CA" ...

tstanik Mon, 12/08/2008 - 12:37

Complete these steps to approve the certificate from the CA:

1. Choose Start > Programs > Administrative Tools > Certificate Authority.

2. Expand the certificate on the left pane.

3. Select Pending Requests.

4. Right-click on the certificate.

5. Select all tasks.

6. Select Issue.

Here is the URL for the EAP-TLS Version 1.01 Configuration Guide:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a008068d45a.shtml
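The question turns on which of the listed roots actually signed the IAS certificate when two of them share the name "RootCA". The script below is an added example, not part of the original thread: it rebuilds that situation with throwaway certificates and tests each root by signature rather than by name. The function names, file names and the host name `ias.example.test` are assumptions; certificates exported from a Windows store as Base-64 `.cer` files can be passed to `find_issuer` in the same way.

```bash
#!/usr/bin/env bash
# Added example; every key and certificate below is constructed test data.

# make_lab DIR: three self-signed roots (two share the CN "RootCA", as in the
# thread) and a server certificate signed by the newest "RootCA" (root3).
make_lab() {
  local d=$1 i=0 cn
  printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\nCN=unused\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/lab.cnf"
  for cn in Root-CA RootCA RootCA; do
    i=$((i + 1))
    openssl req -x509 -config "$d/lab.cnf" -newkey rsa:2048 -nodes -days 30 \
      -subj "/CN=$cn" -keyout "$d/root$i.key" -out "$d/root$i.pem" 2>/dev/null
  done
  openssl req -new -config "$d/lab.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=ias.example.test" -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
  openssl x509 -req -in "$d/server.csr" -CA "$d/root3.pem" -CAkey "$d/root3.key" \
    -set_serial 1 -days 30 -out "$d/server.pem" 2>/dev/null
}

# find_issuer CERT ROOT...: print each root whose public key verifies CERT's
# signature. The subject name alone cannot decide this: root2 and root3 match.
find_issuer() {
  local cert=$1 root
  shift
  for root in "$@"; do
    if openssl verify -CAfile "$root" "$cert" 2>/dev/null | grep -q ': OK$'; then
      echo "$root"
    fi
  done
}

# describe CERT: subject plus SHA-1 fingerprint (shown by Windows as "Thumbprint").
describe() {
  openssl x509 -in "$1" -noout -subject -fingerprint -sha1 | tr '\n' ' '
  echo
}

lab=$(mktemp -d)
make_lab "$lab"
for r in "$lab"/root*.pem; do describe "$r"; done
echo "server.pem verifies only against: $(find_issuer "$lab/server.pem" "$lab"/root*.pem)"
```

The two "RootCA" entries print the same subject but different fingerprints, so the fingerprint is the value to compare against the thumbprint shown in the client's trusted root store.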
