Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
620
Views
2
Helpful
6
Replies

Some questions regarding certificate based authentication

Go to solution
rezaalikhani
VIP
VIP

‎11-28-2024 05:59 AM

Hi all;

When configuring EAP authentication methods on the Windows-based supplicant, one of the possible options is to choose your desired Trusted Root Certificate Authorities. Right?

rezaalikhani_0-1732801965826.png

My question is that, why choosing any trusted certificate in this box at all? Based of my findings, even not choosing any certificate here, the authentication process goes smoothly...

Another question is that, as you can see above, even though I have one Root CA in my lab, there is two entries in the "Trusted Root Certificate Authorities" section. Can anybody explain why?

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
JPavonM
VIP
VIP

‎11-28-2024 06:47 AM

As @Flavio Miranda pointed out, you may need to choose one certificate when there are multiple of them installed in the computer, specially useful for merge and acquisitions when there could be one from the legacy company and one from the new company. Windows does not make a good job when selecting "Simple Certificate selection" as it use to select the first one, which may be not the right one.

Regarding the question about duplicated Trusted Root CA entries in the Windows wireless profile window, that's something up to Windows, may be something with an intention, or maybe a cosmethic issue, but this is happening since I remember for company CA certificates.

View solution in original post

6 Replies 6

Go to solution
Flavio Miranda
VIP
VIP

‎11-28-2024 06:21 AM

@rezaalikhani 

 The way I see it they are not there to be chose. They are available to be used and the check box can be used for specif configuration and view the certificate.

 "Trusted Root Certificate Authorities" are the companies that now a days are recognized as valid and trustfull certificate authorities and vendors install by default. Not often but sometimes it happens to one of those companies be removed. Most recent case I am aware of is Entrust company.

 Hard to say  why your installation got two entry but you can remove one if that is the case.

Go to solution
rezaalikhani
VIP
VIP
In response to Flavio Miranda

‎11-28-2024 06:23 AM - edited ‎11-28-2024 06:25 AM

What specific configuration do you mean?

You can view the content of the certificate even without first check marking it...

0 Helpful

Go to solution
Flavio Miranda
VIP
VIP
In response to rezaalikhani

‎11-28-2024 06:27 AM

Select one and  and go to view certificate.

0 Helpful

Go to solution
rezaalikhani
VIP
VIP
In response to Flavio Miranda

‎11-28-2024 06:30 AM

As you can see in the following document, Cisco TAC clearly specifying the choose operation. I want to know why?

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/213543-configure-eap-tls-flow-with-ise.html#toc-hId--271866854

Thanks

0 Helpful

Go to solution
Flavio Miranda
VIP
VIP
In response to rezaalikhani

‎11-28-2024 06:33 AM

Exactly what I Just Said. They choose one and go to advanced for specific configuration

0 Helpful

Go to solution
JPavonM
VIP
VIP

‎11-28-2024 06:47 AM

As @Flavio Miranda pointed out, you may need to choose one certificate when there are multiple of them installed in the computer, specially useful for merge and acquisitions when there could be one from the legacy company and one from the new company. Windows does not make a good job when selecting "Simple Certificate selection" as it use to select the first one, which may be not the right one.

Regarding the question about duplicated Trusted Root CA entries in the Windows wireless profile window, that's something up to Windows, may be something with an intention, or maybe a cosmethic issue, but this is happening since I remember for company CA certificates.

Customers Also Viewed These Support Documents
Top