Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
268
Views
0
Helpful
1
Replies

Windows 7 silently refusing server certificate over dot1x

ibrahim_sms
Level 1
Level 1

‎03-30-2016 05:05 AM - edited ‎03-10-2019 11:37 PM

Hello,

I have setup my controller and ISE for dot1x over wireless.

I know what should be done as a best practice in terms of certificates and trusted CA...etc.

However it is not do-able to verify the right certificates are on all endpoints especially that

most are non-domain devices.

I have no issues when MAC-OS or WIN 10 devices try to connect, they get a warning

about the certificate and can choose whether to connect or not.

However on windows 7 machines, the machines are SILENTLY refusing to accept the

ISE certificate and failing to connect. (I can see the certificate error on ISE log)

I still can't figure out when does the warning pops up or not. I need it to show up

so I can ignore the warning and continue.

any ideas ?

Regards,

Ibrahim

Labels:
0 Helpful
1 Reply 1

nspasov
Cisco Employee
Cisco Employee

‎03-30-2016 10:23 AM

Hi Ibrahim-

A couple of questions:

1. Have you confirmed that the Root CA's certificate is in the "Trusted Root Certificate" store on the client machine?

2. Can you check and confirm that there aren't multiple client certificates in the local certificate store

3. Can you post screenshots of how the supplicant is configured

Also, 

Thank you for rating helpful posts!

Thank you for rating helpful posts!
0 Helpful
Customers Also Viewed These Support Documents