Re: PEAP based 802.1x LAN authentication

From: Rodrigo Blanco (rodrigo.blanco.r_at_gmail.com)
Date: 04/09/05

Next message: Jim Harrison (ISA): "RE: Windows XP SP2 update"

Previous message: Russell Lavoie: "RE: Checking what GPs are in effect"
In reply to: Pidgorny, Slav: "RE: PEAP based 802.1x LAN authentication"
Next in thread: Pidgorny, Slav: "RE: PEAP based 802.1x LAN authentication"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sat, 9 Apr 2005 03:08:54 -0600
To: "Pidgorny, Slav" <slav.pidgorny@anz.com>

That was the key.

Now it is working, but I had to deploy MS Certificate Service in order
to generate the certificate. I wonder if there is a way to generate a
certificate with Microsoft RSA Schannel CSP using openssl or some
free/open tool.

Also, when I enrolled the server certificate directly from the MS CA
web server, it did not work (some error like "cannot retrieve
credentials"). Just worked when I exported and re-imported the
certificate :-/

Thanks to all of you and best regards.

Rodrigo.

On Apr 7, 2005 5:09 PM, Pidgorny, Slav <slav.pidgorny@anz.com> wrote:
> You have to select Microsoft RSA Schannel CSP when enrolling for the IAS certificate.
>
> HTH
>
> Slav Pidgorny, MS MVP - Security, MCSE
>
>
> > > When I try to configure PEAP in the IAS Dial-in profile, I get an error
> > > message stating: "A certificate could not be found that can be used with
> > > this Extensible Authentication Protocol". I think some key usage or
> > > extended key usage attributes must be missing, or that I have created /
> > > installed the certificate wrong, but did not find the problem.
>
> ---------------------------------------------------------------------------
> ---------------------------------------------------------------------------
>
>

---------------------------------------------------------------------------
---------------------------------------------------------------------------

Next message: Jim Harrison (ISA): "RE: Windows XP SP2 update"

Previous message: Russell Lavoie: "RE: Checking what GPs are in effect"
In reply to: Pidgorny, Slav: "RE: PEAP based 802.1x LAN authentication"
Next in thread: Pidgorny, Slav: "RE: PEAP based 802.1x LAN authentication"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

SCEP, Integrity check failed, Latest mscep.dll? 5.131.2199.1??
... I see an issue where enrolling for a certificate using SCEP and a ... Microsoft CA sometimes gives an "Integrity Check ... Failed" SCEP response. ... In all cases stop/restarting the Certificate ...
(microsoft.public.win2000.security)
Re: Certificate difference
... Are you enrolling for different certificate templates (Via mmc and web ... > With mmc snap-in I can create user certificate for Tom ...
(microsoft.public.win2000.security)
Question regarding issuing certificates to users
... As part of the policy for issuing certificates, we want each enrolling ... I would like to know as to how I can enforce such a policy. ... requirement is that if the user requests for an additional ... certificate, the CA server should deny the request automatically. ...
(microsoft.public.win2000.security)