locked
Secure 802.11 validation error RRS feed

  • Question


  • I've configured an wireless access point over a year ago to use eap/tls everything was working perfectly up until the computer cert for the IAS/CA server expired. Using MMC=>certificates I renewed the server cert, I then deleted all the certs accociate to the SSID/Access point, renewed them and I still get a validation error. If uncheck the the validate server option it then works.

     

    any idea's??

     


    --------------------------------------------------------------------------------
    John 
     

    Sunday, October 7, 2007 1:02 AM

Answers

  • Hi,

     

    In Group Policy, you can configure autoenrollment settings for certificates under Computer Configuration\Windows Settings\Security Settings\Public Key Policies

     

    Set the autoenrollment settings to renew expired certificates here.

     

    -Greg

    Thursday, October 25, 2007 5:13 PM

All replies

  • Can you please give some more details in this regard?

       1. What is the OS version? Windows 2003 Server SP2?

       2. What is the authentication method? PEAP-EAP-MSCHAPv2? If so, after certificate renewal, is the renewed certificate info is updated in the PEAP configuration?

       3. Are both the CA and IAS installed on the same server?

    Thanks,
    Sreenivas
    Wednesday, October 10, 2007 4:15 PM
  • It is a W2003 SP1 with the CA and IAS on the same server. We're using eap-tls, to authenticate our wireless access users. On Friday I create a new computer cert to replace the expireed one. The root CA doesn't expire until 2011.

    Yesterday I deleted the expired computer cert which was associated to the Server and restarted the Certificate Services and it resolved the issue. My laptop was able to login and validate the server. Before I did this I could get it to login if I unchecked the Validate Server check box. Is there a way to automate the renewal of computer certificate so that I don't need to manually renew it?

    thanks
    Wednesday, October 10, 2007 4:28 PM
  • Hi,

     

    In Group Policy, you can configure autoenrollment settings for certificates under Computer Configuration\Windows Settings\Security Settings\Public Key Policies

     

    Set the autoenrollment settings to renew expired certificates here.

     

    -Greg

    Thursday, October 25, 2007 5:13 PM