Cisco Support Community

Client is trusting a root CA that did not issue server certificate

Hi all, I am having a strange problem I cannot explain. I am deploying EAP-TLS in our internal wireless network. I use the Windows 2003 Server certificate service as the root CA. When I first installed the service, I chose "Root-CA" as the root CA name. Later I learned that in order to support SCEP, I cannot have a non-alphanumerical root CA name, so I uninstalled the service, reinstalled it, and re-created the root CA with the name "RootCA".

When XP clients do certificate web enrollment and install the certificate, I see three CAs listed in the trusted root CAs: "RootCA", "RootCA", and "Root-CA", each created at a different time.

IAS's certificate is issued by "RootCA".

Now when "RootCA" is trusted on the client, I cannot get EAP-TLS to work. Windows IAS is complaining: "Unexpected error, Possible error in server or client configuration". But if the client trusts "Root-CA", then authentication passes. Why is that? The IAS RADIUS server's certificate is issued by "RootCA", not "Root-CA" ...
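For the situation in the post above, where several trusted roots share one name, a client-side check can list every trusted root whose subject matches the server certificate's issuer and show which one Windows actually anchors the chain to. This is an added PowerShell example, not part of the original thread. It assumes the root issued the server certificate directly, the certificate path is a hypothetical placeholder, and the key-identifier comparison is a substring heuristic.

```powershell
# Added example. $ServerCertPath is a hypothetical path to the exported server certificate.
param([string]$ServerCertPath = 'C:\temp\ias-server.cer')

$server   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $ServerCertPath
$issuerDn = [System.BitConverter]::ToString($server.IssuerName.RawData)

# Authority Key Identifier of the server certificate (raw DER as hex), if present.
$akiExt = $server.Extensions['2.5.29.35']
$akiHex = if ($akiExt) { [System.BitConverter]::ToString($akiExt.RawData) -replace '-' } else { $null }

# Let Windows build the chain and record which certificate it ends on.
# If no trusted root can be reached, the last element is not a root and no row is flagged.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'
$null   = $chain.Build($server)
$anchor = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

# Every trusted root whose subject DN is byte-for-byte equal to the issuer DN.
# Same-named roots are told apart by thumbprint, validity start and key identifier.
Get-ChildItem Cert:\LocalMachine\Root, Cert:\CurrentUser\Root |
    Sort-Object Thumbprint -Unique |
    Where-Object { [System.BitConverter]::ToString($_.SubjectName.RawData) -eq $issuerDn } |
    ForEach-Object {
        $skiExt = $_.Extensions['2.5.29.14']
        $ski    = if ($skiExt) { $skiExt.SubjectKeyIdentifier } else { $null }
        [pscustomobject]@{
            Subject      = $_.Subject
            Thumbprint   = $_.Thumbprint
            NotBefore    = $_.NotBefore
            SubjectKeyId = $ski
            # Heuristic: the root's key identifier appears inside the server cert's AKI.
            KeyIdInAKI   = [bool]($ski -and $akiHex -and $akiHex.Contains($ski.ToUpper()))
            ChainAnchor  = ($_.Thumbprint -eq $anchor.Thumbprint)
        }
    } | Format-Table -AutoSize
```

A root that shares the issuer's name but shows `False` in both `KeyIdInAKI` and `ChainAnchor` holds a different key pair and did not sign the server certificate.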


Re: Client is trusting a root CA that did not issue server certi

Complete these steps to approve the certificate from the CA:

1. Choose Start > Programs > Administrative Tools > Certificate Authority.

2. Expand the certificate on the left pane.

3. Select Pending Requests.

4. Right-click on the certificate.

5. Select all tasks.

6. Select Issue.

Here is the URL for the EAP-TLS Version 1.01 Configuration Guide