
SSL certificate from subordinate CA and EAP authentication

Joseph Johnson
Level 1

I have found that EAP clients will receive a message asking if they trust a certificate (wildcard or single server) if an SSL certificate from a 3rd party provider is created by an intermediate CA server. This never happens if the certificate is received from a root CA server. I have tried:

  1. Opening up the IP addresses for the SSL provider CRL/OCSP servers to the limited access ACL.
  2. Verifying the server certificate is enabled as a trusted root/intermediate CA (Windows) and/or the client has the root and intermediate certificate in the trust store/keychain.

Nothing has worked. Once the client acknowledges that it does trust the certificate, they are usually not prompted again (may be prompted several months later). The same certificate can be used on a web portal and there is no error in the browser.

Has anyone else run into this issue?

1 Reply

jan.nielsen
Level 7

I believe this is Windows related. At some point MS began requiring that you roll out a GPO with your PEAP settings in it, to avoid security prompts when using PEAP. As I remember it, you need to fill out the CN of your RADIUS servers' certificates in the proper fields in the PEAP settings (server trust part).
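
The server trust settings the reply refers to can be checked in an exported Windows EAP profile. The following is an added example, not code from either poster: it assumes the profile follows Microsoft's `MsPeapConnectionPropertiesV1` schema (the form produced by `netsh wlan export profile`), and the function name, sample XML, server name and thumbprint placeholder are all constructed for illustration.

```python
# Added example: audit the PEAP server-trust section of a Windows EAP profile.
import xml.etree.ElementTree as ET

# Namespace of the PEAP properties in Microsoft's EAP profile schema.
PEAP = "{http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1}"

def audit_peap_server_validation(profile_xml):
    """Return a list of findings; an empty list means server trust is pinned."""
    sv = ET.fromstring(profile_xml).find(f".//{PEAP}ServerValidation")
    if sv is None:
        return ["no PEAP ServerValidation element in profile"]
    findings = []
    # ServerNames: names the RADIUS server certificate must match.
    if not (sv.findtext(f"{PEAP}ServerNames") or "").strip():
        findings.append("ServerNames is empty")
    # TrustedRootCA: thumbprint(s) of the root CA the chain must end at.
    roots = [e for e in sv.findall(f"{PEAP}TrustedRootCA") if (e.text or "").strip()]
    if not roots:
        findings.append("no TrustedRootCA selected")
    prompt = sv.findtext(f"{PEAP}DisableUserPromptForServerValidation") or "false"
    if prompt.strip().lower() != "true":
        findings.append("user prompt for server validation is enabled")
    return findings

# Constructed sample profile (not taken from the thread); values are placeholders.
TEMPLATE = """<EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
 <Config><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
  <Type>25</Type>
  <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
   <ServerValidation>
    <DisableUserPromptForServerValidation>{prompt}</DisableUserPromptForServerValidation>
    <ServerNames>{names}</ServerNames>{roots}
   </ServerValidation>
  </EapType>
 </Eap></Config>
</EapHostConfig>"""

UNPINNED = TEMPLATE.format(prompt="false", names="", roots="")
PINNED = TEMPLATE.format(
    prompt="true",
    names="radius1.example.com",
    roots="<TrustedRootCA>PLACEHOLDER ROOT CA THUMBPRINT</TrustedRootCA>",
)

if __name__ == "__main__":
    for label, xml_text in (("unpinned", UNPINNED), ("pinned", PINNED)):
        print(label, audit_peap_server_validation(xml_text))
```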