08-19-2009 07:00 PM - edited 07-03-2021 05:57 PM
Hi NetPro,
i've loaded the VeriSign Cert but somehow i still hitting the major problem.
Scenario 1:
Company A recommend CN = test-radius-01@google.com
VeriSign recommend CN = test-radius-01.google.com
but, while in the UAT stage . Cert with "CN = test-radius-01.google.com" working on the Laptop . not in the production level.
anyone encountered this before ?
thanks a lot
Jack
08-20-2009 07:01 AM
UAT = User Acceptance Testing?
Not sure what you mean by "working on the Laptop", but if the issue is certificate related, then it's a matter ot trust. Since you don't mention user certs, then I'm guessing you're talking about PEAP authentication. If PEAP auth works on a laptop, and doesn't work on some other machines, then the other machines don't trust the ACS certificate. The entire chain of the certificate must be trusted by the computer trying to connect. Therefore, it must trust the root (the main CA), the intermediate (if there is one), and the actual cert for the machine. If one of the production computers is running a flavor of Windows, do a Start-> Run -> certmgr.msc, and make sure the root CA is in the "Trusted" folders, make sure the issuing CA is in the "Intermediate" folder. That should do it.
If you want to really check if it's a cert issue, just disable the server certificate check on the wireless client (but I don't recommend leaving it that way).
Also - did you install the CA cert on the ACS server?
08-21-2009 02:51 AM
Hi,
Thanks for your information, yes UAT stands for User Acceptance Test.
I've installed the CA cert on the ACS Server.
thanks a lot.
08-21-2009 07:03 AM
Thanks for the points - did installing the CA cert on the ACS server solve the problem?
08-21-2009 07:04 AM
Ack - double post
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: