We've been dealing with the same issue, with different SSL apps. In our case,
Java itself and MacOS both appear to get various levels of cranky if they
can't perform an OCSP check in a captive portal environment. So far the
closest thing to a reliable solution we've found is to poke holes in the
private network to allow OCSP to work for whatever CA you're using.
Frank Sweetser fs at wpi.edu | For every problem, there is a solution that
Manager of Network Operations | is simple, elegant, and wrong.
Worcester Polytechnic Institute | - HL Mencken
On 7/30/2013 4:33 PM, Lee H Badman wrote:
Our environment:
* Cisco WLAN
* Expressconnect from Cloudpath (usually pretty flawless, used for years)
* A “help” SSID that takes clients to Expressconnect utility on dead-end,
private network
* MS-CHAPv2/PEAP with AES 802.1x network
* Cisco ACS RADIUS with GoDaddy Certs
On a late batch of Windows 8 PCs, especially ASUS 400ca, finding that Win8
comes with limited certs (no Go Daddy) and so needs to reach Internet to find
them or to trust them from Expressconnect tool. Because our config net is
private, Win 8 needs to trust them from the Expressconnect utility, but wont
until you play with registry keys you shouldn’t have to, and seems
inconsistent whether Expressconnect prompts you for UUAC privilege escalation
or not to make system changes.
So far it’s a small pool of nightmare machines, but wondering if anyone else
is experiencing similar? All other OS’ work like a champ, as do some Win 8
machines, in this environment and config framework.
Regards-
Lee Badman
********** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
