https://community.cisco.com/t5/network-access-control/windows-7-silently-refusing-server-certificate-over-dot1x/m-p/2850239#M36913 <P>Hello,</P> <P></P> <P>I have setup my controller and ISE for dot1x over wireless.</P> <P>I know what should be done as a best practice in terms of certificates and trusted CA...etc.</P> <P>However it is not do-able to verify the right certificates are on all endpoints especially that</P> <P>most are non-domain devices.</P> <P>I have no issues when MAC-OS or WIN 10 devices try to connect, they get a warning</P> <P>about the certificate and can choose whether to connect or not.</P> <P>However on windows 7 machines, the machines are SILENTLY refusing to accept the</P> <P>ISE certificate and failing to connect. (I can see the certificate error on ISE log)</P> <P>I still can't figure out when does the warning pops up or not. I need it to show up</P> <P>so I can ignore the warning and continue.</P> <P>any ideas ?</P> <P><IMG src="https://community.cisco.com/legacyfs/online/media/ise_connect_prompt.png" class="migrated-markup-image" /></P> <P></P> <P>Regards,</P> <P>Ibrahim</P> <P></P> <P></P> <P></P> Mon, 11 Mar 2019 06:37:34 GMT ibrahim_sms 2019-03-11T06:37:34Z https://community.cisco.com/t5/network-access-control/windows-7-silently-refusing-server-certificate-over-dot1x/m-p/2850239#M36913 <P>Hello,</P> <P></P> <P>I have setup my controller and ISE for dot1x over wireless.</P> <P>I know what should be done as a best practice in terms of certificates and trusted CA...etc.</P> <P>However it is not do-able to verify the right certificates are on all endpoints especially that</P> <P>most are non-domain devices.</P> <P>I have no issues when MAC-OS or WIN 10 devices try to connect, they get a warning</P> <P>about the certificate and can choose whether to connect or not.</P> <P>However on windows 7 machines, the machines are SILENTLY refusing to accept the</P> <P>ISE certificate and failing to connect. (I can see the certificate error on ISE log)</P> <P>I still can't figure out when does the warning pops up or not. I need it to show up</P> <P>so I can ignore the warning and continue.</P> <P>any ideas ?</P> <P><IMG src="https://community.cisco.com/legacyfs/online/media/ise_connect_prompt.png" class="migrated-markup-image" /></P> <P></P> <P>Regards,</P> <P>Ibrahim</P> <P></P> <P></P> <P></P> Mon, 11 Mar 2019 06:37:34 GMT https://community.cisco.com/t5/network-access-control/windows-7-silently-refusing-server-certificate-over-dot1x/m-p/2850239#M36913 ibrahim_sms 2019-03-11T06:37:34Z https://community.cisco.com/t5/network-access-control/windows-7-silently-refusing-server-certificate-over-dot1x/m-p/2850240#M36914 <P>Hi Ibrahim-</P> <P>A couple of questions:</P> <P>1. Have you confirmed that the Root CA's certificate is in the "Trusted Root Certificate" store on the client machine?</P> <P>2. Can you check and confirm that there aren't multiple client certificates in the local certificate store</P> <P>3. Can you post screenshots of how the supplicant is configured</P> <P>Also,&nbsp;</P> <P><EM>Thank you for rating helpful posts!</EM></P> Wed, 30 Mar 2016 17:23:15 GMT https://community.cisco.com/t5/network-access-control/windows-7-silently-refusing-server-certificate-over-dot1x/m-p/2850240#M36914 nspasov 2016-03-30T17:23:15Z