Using Certificate for Authenticating Domain Joined Machines

Question
Hello There,
I have installed and configured NPS and I am trying to use certificate authentication for authenticating Domain joined machines for WiFi Access.
I have Windows Enterprise CA and also deployed the client certificates for all machines.
I get the following error on NPS Server when the client tries to authenticate: "A certificate chain could not be built to a trusted root authority".
Please suggest.
Thanks,
Maqsood
Maqsood Mohammed Senior Systems Engineer MCITP-Enterprise Admin & ITILv3 Foundation Certified
Thursday, April 16, 2015 12:57 PM
Answers
Hi Maqsood,
>> Yes I have Root CA which is Offline and a Subordinate CA (in Domain)
This can be the cause. If the CA is offline, the certificate revocation check will fail.
>> I can see the Root CA certificate installed on both NPS server and client but I don't see subordinate CA which is Certificate Server in Domain.
Please check which CA issued the certificate. If the certificate is issued by the Root CA directly, that's OK.
Otherwise, we need to import the subordinate CA certificate.
Best Regards
Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.
- Marked as answer by Maqsood Mohammed Tuesday, May 12, 2015 7:20 AM
- Edited by Steven_Lee0510 Tuesday, May 12, 2015 7:29 AM
Monday, May 11, 2015 9:50 AM
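The two causes named in the answer above (a subordinate CA certificate missing from the machine store, or a revocation check that cannot complete) can be told apart by building the chain twice, once without and once with revocation checking. This is an added example, not part of the original thread; `Test-MachineCertChain` is a hypothetical helper name, and it assumes the certificates under test sit in `Cert:\LocalMachine\My` on the NPS server or client.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session.
function Test-MachineCertChain {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        # NoCheck isolates chain-building problems from CRL/revocation problems.
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]$RevocationMode = 'NoCheck'
    )
    # $true = build the chain in the machine context, as NPS does for computer certs
    $chain = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    $chain.ChainPolicy.RevocationMode = $RevocationMode
    $built = $chain.Build($Certificate)

    $elements = foreach ($e in $chain.ChainElements) {
        $tp = $e.Certificate.Thumbprint
        [pscustomobject]@{
            Subject = $e.Certificate.Subject
            Issuer  = $e.Certificate.Issuer
            InRoot  = Test-Path "Cert:\LocalMachine\Root\$tp"   # Trusted Root store
            InCA    = Test-Path "Cert:\LocalMachine\CA\$tp"     # Intermediate CA store
            Status  = ($e.ChainElementStatus.Status -join ', ')
        }
    }
    [pscustomobject]@{
        Certificate = $Certificate.Subject
        ChainBuilt  = $built
        ChainStatus = ($chain.ChainStatus.Status -join ', ')
        Elements    = $elements
    }
}

# Client Authentication and Server Authentication EKU OIDs
$ekus = '1.3.6.1.5.5.7.3.2', '1.3.6.1.5.5.7.3.1'
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $c = $_; $ekus | Where-Object { $c.EnhancedKeyUsageList.ObjectId -contains $_ } } |
    ForEach-Object {
        foreach ($mode in 'NoCheck', 'Online') {
            $r = Test-MachineCertChain -Certificate $_ -RevocationMode $mode
            '{0} [{1}] built={2} status={3}' -f $r.Certificate, $mode, $r.ChainBuilt, $r.ChainStatus
            $r.Elements | Format-Table -AutoSize | Out-String
        }
    }
# Reading the result:
#   PartialChain under NoCheck      -> issuing (subordinate) CA certificate not found;
#                                      import it into Intermediate Certification Authorities.
#   Built under NoCheck, but RevocationStatusUnknown / OfflineRevocation under Online
#                                   -> the chain is complete and the CRL cannot be retrieved.
```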
All replies
Hi Maqsood,
Are the certificates used by the clients and the server issued by the same CA?
If yes, please make sure that the Root Certificate has been installed on both server and clients.
The Root Certificate should be installed in the following location:
Computer account -> Trusted Certificate Authorities -> Certificates
Best Regards.
Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.
Sunday, April 19, 2015 12:41 PM
Hi Steven,
Thanks for your response. Yes I have Root CA which is Offline and a Subordinate CA (in Domain)
I can see the Root CA certificate installed on both NPS server and client but I don't see subordinate CA which is Certificate Server in Domain.
Thanks,
Maqsood
Maqsood Mohammed Senior Systems Engineer MCITP-Enterprise Admin & ITILv3 Foundation Certified
Sunday, April 19, 2015 1:01 PM