Just curious, for those running a supplicant configuration utility, why are you using a public CA-signed EAP server certificate?
On 7/31/18, 4:21 PM, "The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Charles Rumford" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU on behalf of charl...@isc.upenn.edu> wrote: On 07/31/2018 04:18 PM, Michael Dickson wrote: > Hi Charles, > > > What do you mean by "we ended up configuring all of the intermediate certs"? Do > you mean you are now pushing all certs down to the client during the JoinNow > process? Yes. We ended up, just for Windows, pushing all of certs down to the clients. It was the only way we could get the profile to work. > > > We are also running EAP-TTLS/PAP with JoinNow with a cross-signed double > intermediate cert. I haven't heard of any issues yet but want to get in front of > any that might crop up.. > > > Thanks, > Mike > > Michael Dickson > Network Engineer > Information Technology > University of Massachusetts Amherst > 413-545-9639 > michael.dick...@umass.edu > PGP: 0x16777D39 > > > > -------------------------------------------------------------------------------- > *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv > <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Charles Rumford > <charl...@isc.upenn.edu> > *Sent:* Tuesday, July 31, 2018 12:24 PM > *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > *Subject:* Re: [WIRELESS-LAN] Issues with Windows 10 > > On 07/30/2018 01:09 PM, Turner, Ryan H wrote: >> From SecureW2: >> >> The issue is noticed when the RADIUS server cert is signed by AddTrust External CA Root (Cross signed by USERTrust RSA Certification Authority) and with the recent windows 10 update. We are looking into this and should be able to provide you an update. >> > > We ended up configuring all of the intermediate certs, and it solved the problem. > > > -- > Charles Rumford > Senior Network Engineer > ISC Tech Services > University of Pennsylvania > OpenPGP Key ID: 0x173F5F3A (2018/07/05) > > > ********** > Participation and subscription information for this EDUCAUSE Constituent Group > discussion list can be found at http://www.educause.edu/discuss. > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at http://www.educause.edu/discuss. > -- Charles Rumford Senior Network Engineer ISC Tech Services University of Pennsylvania OpenPGP Key ID: 0x173F5F3A (2018/07/05) ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.