I have set up a Windows 2003 Certificate Server to use in AutoEnrollment for machine and user 802.1x authentication, but have run into a few problems.
The steps are something like this:
I configured the CA Server.
I requested a certificate from the CA server inside the ACS 5.1, and installed it.
I downloaded the root certificate from the CA server, and installed it on the client (WinXP SP3).
So far so good, and the web authentication part (when I log in to the ACS itself) works fine.
But when I try to authenticate a client, both on wireless and wired, this message pops up:
If I click OK, it seems to work fine, but the point was to have no user interaction at all.
The certificate and the chains seem to be OK:
Why does this pop up?
Is there a way to avoid this?
Are there some flags missing in the certificate?
Can we configure everything about 802.1x authentication in clients from, say, Active Directory Group Policies?
First I tried to set this up by buying a Certificate from Godaddy.com, since they are certified.
I installed it under System Administration > Configuration > Local Server Certificates > Local Certificates.
But exactly the same popup and result there.
Is this the way it is supposed to be?
Isn't the point of buying Certificates and/or Autoenrollment to have no user interaction at all?
What could be wrong?