802.1x on wired LAN

remco.gussen
Level 1

Hi there

I implemented a wired 802.1x authenticated network. I only use machine (computer) certificates to authenticate the workstations. Automatic Certificate Enrollment is installed in the Windows 2003 domain. I was wondering what will happen after one year. Right then the certificate is not valid anymore. Auth-Fail VLAN or Guest-VLAN is an Internet-Only VLAN on the firewall.

When users power on their computer the next morning, access will be rejected. Is it possible to do an automatic certificate renewal a few days before the validity of the certificate expires?

Regards

Remco

Accepted Solutions

scadora
Cisco Employee

Your certificate template will have a "renewal period" (for example, 6 weeks). Then, 6 weeks (or whatever the renewal period is) before the certificate is supposed to expire, the workstation will automatically attempt to renew its certificate. As long as the workstation is connected to the domain and has access to the CA at some point during that period, it can update its certificate and hence will not fail authentication.

Hope that helps.

Shelly


4 Replies

Thanks Shelly...

I also saw that in the certificate template!

Problem solved!!

What happens when the user is outside the network for a very long time and not able to renew the cert before the expiry date?

Then authentication will fail. The certificate is expired. You have to manually renew the certificate.
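
The renewal window and the expired-certificate case discussed in this thread can be checked on each workstation before 802.1x authentication starts failing. The PowerShell below is an added example, not part of the original thread or of any Cisco or Microsoft tool; the 42-day default mirrors the "6 weeks" example, and the parameter names and exit codes are assumptions (requires PowerShell 3.0 or later).

```powershell
# Added example: report where each machine certificate usable for 802.1x
# sits relative to the template's renewal period.
param(
    [int]$RenewalPeriodDays = 42,      # assumption: 6-week renewal period from the thread's example
    [datetime]$Now = (Get-Date)
)

$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU

$report = Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_
    $ekuExt = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $ekus = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
    # A certificate without an EKU extension is valid for all purposes; skip
    # only certificates whose EKU list excludes Client Authentication.
    if ($ekuExt -and ($ekus -notcontains $clientAuthOid)) { return }

    $daysLeft = [math]::Floor(($cert.NotAfter - $Now).TotalDays)
    $state = if ($cert.NotAfter -lt $Now) {
        'Expired'
    } elseif ($daysLeft -le $RenewalPeriodDays) {
        'InRenewalWindow'
    } else {
        'Valid'
    }
    [pscustomobject]@{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        DaysLeft   = $daysLeft
        State      = $state
    }
}

$report | Sort-Object NotAfter | Format-Table -AutoSize | Out-Host

# After a successful renewal the old certificate may still be in the store,
# so judge the machine by its longest-lived certificate.
$best = $report | Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $best -or $best.State -eq 'Expired') {
    Write-Warning 'No valid client-auth machine certificate: 802.1x will fail until it is renewed manually.'
    exit 2
} elseif ($best.State -eq 'InRenewalWindow') {
    # certutil -pulse triggers autoenrollment; it needs domain and CA connectivity.
    Write-Warning "Certificate expires in $($best.DaysLeft) days; connect to the domain and run 'certutil -pulse'."
    exit 1
}
exit 0
```

Run from a scheduled task or an inventory agent, the non-zero exit codes identify workstations that will land in the Auth-Fail VLAN unless they reach the CA in time.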
