BTW... I am only trying to clear this up, because as I read this, it would have nothing to do with your client certificates, and everything to do with the server certificate being offered by your authentication server (FreeRADIUS, etc.) to the client. It is possible that there is a problem with the authentication server certificate, and certain clients/operating systems are more sensitive to this than others.

Ryan H Turner
Senior Network Engineer
The University of North Carolina at Chapel Hill
CB 1150 Chapel Hill, NC 27599
+1 919 445 0113 Office
+1 919 274 7926 Mobile

-----Original Message-----
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Turner, Ryan H
Sent: Thursday, September 24, 2015 12:56 PM
To: [email protected]
Subject: Re: [WIRELESS-LAN] EAP-TLS Windows 8 and 10 Problems

Let me see if I can clear things up... Your clients were successfully onboarded, and when the clients connect, they are reporting that the radius server certificates being sent are revoked? Or are you saying that your clients are reporting that the radius servers are saying the client certificates are revoked? If I read the error, it would indicate to me that your clients are having issues with the radius server certificates. Who issued the certs?

Ryan H Turner
Senior Network Engineer
The University of North Carolina at Chapel Hill
CB 1150 Chapel Hill, NC 27599
+1 919 445 0113 Office
+1 919 274 7926 Mobile

-----Original Message-----
From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[email protected]] On Behalf Of Kevin McCormick
Sent: Thursday, September 24, 2015 12:00 PM
To: [email protected]
Subject: [WIRELESS-LAN] EAP-TLS Windows 8 and 10 Problems

I know many of you are using EAP-TLS and CloudPath onboarding. We have run into an issue where some Windows 8 and 10 machines will say the server said the certificates are revoked, but they are not revoked. We have checked the things like time being correct.

We did discover the command 'certutil -f -urlfetch -verify cert_name.cer' will work just fine on Windows 7, but crashes on Windows 8 and Windows 10.

The event viewer is showing these errors.

"The certificate received from the remote server has been revoked. This means that the certificate authority that issued the certificate has invalidated it. The SSL connection request has failed. The attached data contains the server certificate." -- Attached is the root CA.

"A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 44. The Windows SChannel error state is 552."

I have tried googling the problem and have come up empty. CloudPath has told our security admin that our university seems to be the only one having this issue. Makes me wonder if our certs are being generated with incorrect settings for Windows 8 and Windows 10. What algorithm and key length are you using?

Any suggestions?

Kevin McCormick
uTech Network Services
Western Illinois University

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
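
An added example, not part of the original thread: a PowerShell function that builds the chain for an exported RADIUS server certificate with online revocation checking and lists the status flags for each chain element, which is the same question `certutil -f -urlfetch -verify` answers. The function name and the file name `radius_server.cer` are assumptions; the .NET types are the standard `X509Chain` API.

```powershell
# Added example (not from the thread). Run on an affected Windows 8/10 client.
# Assumption: the RADIUS server certificate was exported to a .cer file.
function Test-CertChainRevocation {
    param(
        [Parameter(Mandatory = $true)]
        [string]$Path            # e.g. .\radius_server.cer (hypothetical file name)
    )

    $ns       = 'System.Security.Cryptography.X509Certificates'
    $fullPath = (Resolve-Path -LiteralPath $Path).Path
    $cert     = New-Object "$ns.X509Certificate2" -ArgumentList $fullPath
    $chain    = New-Object "$ns.X509Chain"

    # Force a live CRL/OCSP lookup for every certificate below the root,
    # instead of relying on whatever revocation data is already cached.
    $chain.ChainPolicy.RevocationMode      = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag      = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::ExcludeRoot
    $chain.ChainPolicy.UrlRetrievalTimeout = New-TimeSpan -Seconds 15

    $ok = $chain.Build($cert)
    Write-Verbose "Chain.Build returned $ok"

    # One output row per chain element: leaf first, root last.
    foreach ($element in $chain.ChainElements) {
        $flags = ($element.ChainElementStatus | ForEach-Object { $_.Status }) -join ', '
        if (-not $flags) { $flags = 'NoError' }

        New-Object psobject -Property @{
            Subject            = $element.Certificate.Subject
            Issuer             = $element.Certificate.Issuer
            NotAfter           = $element.Certificate.NotAfter
            SignatureAlgorithm = $element.Certificate.SignatureAlgorithm.FriendlyName
            Status             = $flags
        }
    }
}

# Usage: show which element of the chain carries the revocation error.
# Test-CertChainRevocation -Path .\radius_server.cer -Verbose |
#     Format-List Subject, Issuer, NotAfter, SignatureAlgorithm, Status
```

A `Revoked` flag means the certificate is listed as revoked by its issuer, while `RevocationStatusUnknown` or `OfflineRevocation` means the client could not obtain revocation data for that element.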
