802.1x EAP-TLS with Certificates and Access Points on Windows Server 2008 CA


sniper1977

Hello Group,

I have trouble authenticating Access Points via EAP-TLS on a Windows 2008 Enterprise Server Domain.

Following scenario:

Our Access Points can be authenticated via certificates. For this I can upload .p12 certificates with private keys.
The Access Points should be authenticated by a Windows 2008 Enterprise Radius Server and the domain controller running on the same system.

802.1x (PEAP and EAP-TLS) for the WLAN clients (laptops) and for the users of the clients works correctly. The certificates are generated via the web interface of the CA.

But now my problem:
How can I create a certificate for the access point which works for authentication via the Radius Server?
I created certificate templates based on user templates, but these templates aren't working. I read that the 2008 Radius Server needs a "subject alternative name" in the certificate. If I create a user certificate (via the standard template) I can find the SAN as principal name, but I can't create certificates with a SAN via my template (copied from the user template).

One additional hint: I will not create a user for every access point, log in with this account and then create a certificate for each access point (we use over 400 access points!) -/ (this is working, I know).

I will create a user for every access point, yes. But not log in for every one!!!

Is it right to use a user template? What needs to change to get it running?
Does anyone have a guide?

Thanks
Sniper
 
802.1x EAP-TLS with Certificates and Access Points on Windows Server 2008 CA

One further hint: SCEP isn't a solution in this case. It isn't supported by the access points!





On 23 Jun., 08:38, sniper1977 wrote:
> Hello Group,
>
> I have trouble authenticating Access Points via EAP-TLS on a Windows 2008 Enterprise Server Domain.
>
> Following scenario:
>
> Our Access Points can be authenticated via certificates. For this I can upload .p12 certificates with private keys.
> The Access Points should be authenticated by a Windows 2008 Enterprise Radius Server and the domain controller running on the same system.
>
> 802.1x (PEAP and EAP-TLS) for the WLAN clients (laptops) and for the users of the clients works correctly. The certificates are generated via the web interface of the CA.
>
> But now my problem:
> How can I create a certificate for the access point which works for authentication via the Radius Server?
> I created certificate templates based on user templates, but these templates aren't working. I read that the 2008 Radius Server needs a "subject alternative name" in the certificate. If I create a user certificate (via the standard template) I can find the SAN as principal name, but I can't create certificates with a SAN via my template (copied from the user template).
>
> One additional hint: I will not create a user for every access point, log in with this account and then create a certificate for each access point (we use over 400 access points!) -/ (this is working, I know).
>
> I will create a user for every access point, yes. But not log in for every one!!!
>
> Is it right to use a user template? What needs to change to get it running?
> Does anyone have a guide?
>
> Thanks
> Sniper
 
802.1x EAP-TLS with Certificates and Access Points on Windows Server 2008 CA

Try posting in Windows Server Security forum:

http://social.technet.microsoft.com/Forums/en-US/winserversecurity/threads



sniper1977 wrote:
> One further hint: SCEP isn't a solution in this case. It isn't supported by the access points!
>
> On 23 Jun., 08:38, sniper1977 wrote:
>> Hello Group,
>>
>> I have trouble authenticating Access Points via EAP-TLS on a Windows 2008 Enterprise Server Domain.
>>
>> Following scenario:
>>
>> Our Access Points can be authenticated via certificates. For this I can upload .p12 certificates with private keys.
>> The Access Points should be authenticated by a Windows 2008 Enterprise Radius Server and the domain controller running on the same system.
>>
>> 802.1x (PEAP and EAP-TLS) for the WLAN clients (laptops) and for the users of the clients works correctly. The certificates are generated via the web interface of the CA.
>>
>> But now my problem:
>> How can I create a certificate for the access point which works for authentication via the Radius Server?
>> I created certificate templates based on user templates, but these templates aren't working. I read that the 2008 Radius Server needs a "subject alternative name" in the certificate. If I create a user certificate (via the standard template) I can find the SAN as principal name, but I can't create certificates with a SAN via my template (copied from the user template).
>>
>> One additional hint: I will not create a user for every access point, log in with this account and then create a certificate for each access point (we use over 400 access points!) -/ (this is working, I know).
>>
>> I will create a user for every access point, yes. But not log in for every one!!!
>>
>> Is it right to use a user template? What needs to change to get it running?
>> Does anyone have a guide?
>>
>> Thanks
>> Sniper
 