I assumed you configured your client to explicitly trust the ACS server certificate. In our setup, only the root & intermediate certificates are configured on the client. We can then update our server certificates without any issue as long as we continue to use the same certificate chain.
Unfortunately, we are preparing to move to a new certificate chain :(

Bruce Osborne
Network Engineer
IT Network Services
(434) 592-4229
Liberty University | Training Champions for Christ since 1971

-----Original Message-----
From: Dennis Xu [mailto:[email protected]]
Sent: Wednesday, October 23, 2013 3:40 PM
Subject: Re: Wireless authentication issue after certificate renew

Thanks Bruce. Our ACS server is configured to send all intermediate CAs to clients together (so the client can chain the certificate all the way to its trusted root authority) with the server certificate and we are renewing the certificate with the same CN name and same trust chain. I talked with our certificate provider Thawte and they said it is Apple's issue. Could you let me know how the CloudPath XpressConnect Wizard can avoid this issue?

---
Dennis Xu
Analyst 3, Network Infrastructure
Computing and Communications Services (CCS)
University of Guelph
519-824-4120 Ext 56217
[email protected]
www.uoguelph.ca/ccs

----- Original Message -----
From: "Bruce W Osborne (Network Services)" <[email protected]>
To: [email protected]
Sent: Friday, October 11, 2013 7:48:23 AM
Subject: Re: [WIRELESS-LAN] Wireless authentication issue after certificate renew

We use CloudPath XpressConnect Wizard to provision our clients. It only pushed the upstream certificate chain for trust, not the actual server certificates. You can seamlessly renew your certificates if you keep the same trust chain.

Bruce Osborne
Network Engineer
IT Network Services
(434) 592-4229
Liberty University | Training Champions for Christ since 1971

-----Original Message-----
From: Dennis Xu [mailto:[email protected]]
Sent: Thursday, October 10, 2013 1:51 PM
Subject: Wireless authentication issue after certificate renew

This morning we installed the certificate renewal on our ACS 5.3 servers. The certificate is used for wireless PEAP authentication.

After the renewal, we noticed some 5411 EAP timeout errors in ACS logs and the error mainly happened for Apple devices. When we checked it on one iPhone, it could not automatically connect to the wireless network (it used to connect automatically). Then we had to manually connect to the network again and acknowledge the certificate on the iPhone; then it can connect. Android and Blackberry devices do not have this issue. I am thinking about what we can do to make the certificate renewal process seamless. Has anyone experienced this issue as well and do you have any solutions? Thanks in advance.

---
Dennis Xu
Analyst 3, Network Infrastructure
Computing and Communications Services (CCS)
University of Guelph
519-824-4120 Ext 56217
[email protected]
www.uoguelph.ca/ccs

**********
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
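
The two client trust models contrasted in this thread (trusting the server certificate itself versus trusting only the upstream chain), as an added example that is not part of the original messages: it builds a throwaway CA with openssl and checks which model still accepts a renewed certificate. The CN radius.example.edu, the function names and the "seamless"/"reprompt" labels are assumptions, and the lab uses a single root with no intermediate.

```shell
#!/bin/sh
# Added example: every key and certificate here is a constructed throwaway.
set -eu

# SHA-256 fingerprint: what a client that trusts the server cert itself remembers.
fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }

# Succeeds when cert $2 chains to trust anchor $1 (client trusts only the CA chain).
chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Build a lab root CA plus an "old" and a "new" (renewed) server cert, same CN.
make_lab() {
  printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' \
    > "$1/lab.cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/lab.cnf" \
    -extensions ca -subj "/CN=Constructed Lab Root" \
    -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null
  for n in old new; do
    openssl req -new -newkey rsa:2048 -nodes -config "$1/lab.cnf" \
      -subj "/CN=radius.example.edu" -keyout "$1/$n.key" -out "$1/$n.csr" 2>/dev/null
    openssl x509 -req -in "$1/$n.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
      -CAcreateserial -days 30 -out "$1/$n.pem" 2>/dev/null
  done
}

# Args: trust-anchor old-cert new-cert. Prints what each trust model does on renewal.
renewal_outcome() {
  ca_model=reprompt; pin_model=reprompt
  if chains_to "$1" "$3"; then ca_model=seamless; fi
  if [ "$(fingerprint "$2")" = "$(fingerprint "$3")" ]; then pin_model=seamless; fi
  echo "ca-trust=$ca_model leaf-pin=$pin_model"
}

lab=$(mktemp -d); other=$(mktemp -d)
trap 'rm -rf "$lab" "$other"' EXIT
make_lab "$lab"; make_lab "$other"
echo "same chain: $(renewal_outcome "$lab/root.pem" "$lab/old.pem" "$lab/new.pem")"
echo "new chain:  $(renewal_outcome "$lab/root.pem" "$lab/old.pem" "$other/new.pem")"
```

The same two checks can be pointed at real files before a renewal: the current trust anchor bundle, the certificate in service, and the candidate replacement.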
