Hi all! I'm working on EAP-TLS using a DC and CA in an Active Directory domain.
There was no problem importing certificates on both the controller and the client, and authentication works fine. However, I'm not sure of the complete process used by the controller and the client, and the role of the AD Domain Controller.

In my setup, the AD DC is used as a CA, and delivers certificates for the controller and the client. These certificates are used by both sides to verify identity and encrypt data. I can't figure out if, at any point, the CA is interrogated by the controller or the client (except for the certificate request), especially when I check the box "Check against CA certificates". I would expect my controller to actively interrogate the CA to check the CA or client certificate.

However, when I capture traffic on my CA, I can't see any traffic coming from the controller. Can someone clarify this option? And maybe explain if the CA is interrogated and how?

Andre.
