EAP-TLS Client enrollment recovery.
- From: Anthony <Anthony@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 16 Jul 2008 13:04:15 -0700
Our Client (Win CE 5.00 device) connects to a wireless network using EAP-TLS
authentication.
We programmatically enroll Clients (web-enrollment) that get certificates
from Windows Server 2003.
Client connects to the network and works fine until we have to reboot Client
(Win CE).
On reboot all certificate stores (“MY”, “ROOT” and “CA”) lose certificates
installed during enrollment processes (Client has a RAM-based registry) and
we have to go through the regular enrollment process once again. Going
through this process is not feasible in some cases (device has to visit a
special station), so we need to re-install certificate from a file.
I tried to serialize certificate (CertSerializeCertificateStoreElement())
just after enrollment and then restore certificate (using
CertAddSerializedElementToStore) and a session key after reboot, but network
authentication fails with the following error:
Reason-Code = 260
Reason = The message or signature supplied for verification has been altered
My question is:
What is the correct way to restore certificate and Client authentication
settings/properties programmatically?
Thanks, Anthony