Clients on Windows 8 and 10 fail onboarding. Macs, Windows 7, iOS, and
Androids do not seem to have any issues.
The radius server is issuing the certificates and the Windows 8 and 10
appear to be saying that the radius server is reporting the certificates
revoked.
We can export the certs from the Windows 8 or 10 machine, and then check
the certs on Windows 7 using the command 'certutil -f -urlfetch -verify
cert_name.cer' and the radius server is reporting the certs are fine.
We use our own Root CA and Intermediate CA.
Kevin McCormick
uTech Network Services
Western Illinois University
On 9/24/2015 11:55 AM, Turner, Ryan H wrote:
Let me see if I can clear things up...
Your clients were successfully onboarded, and when the clients connect, they
are reporting that the radius server certificates being sent are revoked? Or
are you saying that your clients are reporting that the radius servers are
saying the client certificates are revoked?
If I read the error, it would indicate to me that your clients are having
issues with the radius server certificates. Who issued the certs?
Ryan H Turner
Senior Network Engineer
The University of North Carolina at Chapel Hill
CB 1150 Chapel Hill, NC 27599
+1 919 445 0113 Office
+1 919 274 7926 Mobile
-----Original Message-----
From: The EDUCAUSE Wireless Issues Constituent Group Listserv
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Kevin McCormick
Sent: Thursday, September 24, 2015 12:00 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] EAP-TLS Windows 8 and 10 Problems
I know many of you are using EAP-TLS and CloudPath onboarding.
We have run into an issue where some Windows 8 and 10 machines will say the
server said the certificates are revoked, but they are not revoked.
We have checked things like the time being correct. We did discover the command
'certutil -f -urlfetch -verify cert_name.cer' will work just fine on Windows 7,
but crashes on Windows 8 and Windows 10. The event viewer is showing these
errors.
"The certificate received from the remote server has been revoked. This means that
the certificate authority that issued the certificate has invalidated it. The SSL
connection request has failed. The attached data contains the server certificate."
-- Attached is the root CA.
"A fatal alert was generated and sent to the remote endpoint. This may result in
termination of the connection. The TLS protocol defined fatal error code is 44. The
Windows SChannel error state is 552."
I have tried googling the problem and have come up empty.
CloudPath has told our security admin that our university seems to be the only
one having this issue.
Makes me wonder if our certs are being generated with incorrect settings for
Windows 8 and Windows 10.
What algorithm and key length are you using?
Any suggestions?
Kevin McCormick
uTech Network Services
Western Illinois University
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
**********