Using Certificate for Authenticating Domain Joined Machines

  • Question

  • Hello There,

    I have installed and configured NPS and I am trying to use certificate authentication for authenticating Domain joined machines for WiFi Access.

    I have Windows Enterprise CA and also deployed the client certificates for all machines.

    I get the following error on the NPS Server when the client tries to authenticate: "A certificate chain could not be built to a trusted root authority".

    Please suggest.

    Thanks,

    Maqsood


    Maqsood Mohammed Senior Systems Engineer MCITP-Enterprise Admin & ITILv3 Foundation Certified

    Thursday, April 16, 2015 12:57 PM

Answers

  • Hi Maqsood,

    >> Yes I have Root CA which is Offline and a Subordinate CA (in Domain)

    This can be the cause. If the CA is offline, the certificate revocation check will fail.

    >> I can see the Root CA certificate installed on both NPS server and client but I don't see subordinate CA which is Certificate Server in Domain.

    Please check which CA issued the certificate. If the certificate is issued by the Root CA directly, that's OK.

    Otherwise, we need to import the subordinate CA certificate.

    Best Regards


    Steven Lee Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.



    Monday, May 11, 2015 9:50 AM
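
Added example, not part of the original thread: the PowerShell below checks both points raised in the answer above by building the chain for each certificate in the computer's Personal store and reporting whether the issuing CA's certificate is present locally and whether revocation could be checked. It assumes the machine certificates were deployed to `Cert:\LocalMachine\My`.

```powershell
# Added diagnostic example, not from the thread. Run in an elevated PowerShell
# session on the NPS server and on a client, then compare the output.
# Assumption: the certificates used for authentication are in LocalMachine\My.
$chainType = 'System.Security.Cryptography.X509Certificates.X509Chain'

foreach ($cert in Get-ChildItem -Path Cert:\LocalMachine\My) {
    # $true = build the chain in the machine context rather than the user context
    $chain = New-Object -TypeName $chainType -ArgumentList $true
    $chain.ChainPolicy.RevocationMode = 'Online'       # fetch CRLs for the check
    $chain.ChainPolicy.RevocationFlag = 'EntireChain'  # check every certificate in the chain
    $built = $chain.Build($cert)

    # Look for the issuing CA's certificate in the two machine stores that matter
    $inRoot = @(Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.Subject -eq $cert.Issuer })
    $inCA   = @(Get-ChildItem Cert:\LocalMachine\CA   | Where-Object { $_.Subject -eq $cert.Issuer })

    Write-Output "Certificate : $($cert.Subject) [$($cert.Thumbprint)]"
    Write-Output "Issued by   : $($cert.Issuer)"
    Write-Output "Issuer in Trusted Root store : $($inRoot.Count -gt 0)"
    Write-Output "Issuer in Intermediate store : $($inCA.Count -gt 0)"
    Write-Output "Chain builds and validates   : $built"

    # Per-certificate status, leaf first
    foreach ($element in $chain.ChainElements) {
        $flags = @($element.ChainElementStatus | ForEach-Object { $_.Status })
        if ($flags.Count -eq 0) { $flags = @('NoError') }
        Write-Output ("  {0} -> {1}" -f $element.Certificate.Subject, ($flags -join ', '))
    }

    # PartialChain: an issuer certificate is missing locally.
    # RevocationStatusUnknown / OfflineRevocation: a CRL could not be retrieved.
    foreach ($status in $chain.ChainStatus) {
        Write-Output ("  Overall: {0} ({1})" -f $status.Status, $status.StatusInformation.Trim())
    }

    $chain.Reset()
    Write-Output ''
}
```

For a single exported certificate file, `certutil -verify -urlfetch` reports the same chain and also lists the CRL and AIA URLs it tried to reach.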

All replies

  • Hi Maqsood,

    Are the certificates used by the clients and the server issued by the same CA?

    If yes, please make sure that the Root Certificate has been installed on both server and clients.

    The Root Certificate should be installed in the following location:

    Computer account -> Trusted Certificate Authorities -> Certificates

    Best Regards.


    Steven Lee

    Sunday, April 19, 2015 12:41 PM
  • Hi Steven,

    Thanks for your response. Yes I have Root CA which is Offline and a Subordinate CA (in Domain)

    I can see the Root CA certificate installed on both NPS server and client but I don't see subordinate CA which is Certificate Server in Domain.

    Thanks,

    Maqsood


    Maqsood Mohammed Senior Systems Engineer MCITP-Enterprise Admin & ITILv3 Foundation Certified

    Sunday, April 19, 2015 1:01 PM