We found a bug with the CloudPath onboarding and Microsoft cert checking.
We are using Microsoft NPS for the RADIUS server and it would randomly
start saying that the certificate had been revoked. Cloudpath released an
update to fix this issue. Upgrading the Enrollment Server fixed this for
us.
-------------------------------
Craig Pluchinsky
IT Services
Indiana University of Pennsylvania
724-357-3327
On Thu, 24 Sep 2015, Kevin McCormick wrote:
I know many of you are using EAP-TLS and CloudPath onboarding.
We have run into an issue where some Windows 8 and 10 machines will say the
server said the certificates are revoked, but they are not revoked. We have
checked the things like time being correct. We did discover the command
'certutil -f -urlfetch -verify cert_name.cer' will work just fine on Windows
7, but crashes on Windows 8 and Windows 10. The event viewer is showing these
errors.
"The certificate received from the remote server has been revoked. This means
that the certificate authority that issued the certificate has invalidated
it. The SSL connection request has failed. The attached data contains the
server certificate." -- Attached is the root CA.
"A fatal alert was generated and sent to the remote endpoint. This may result
in termination of the connection. The TLS protocol defined fatal error code
is 44. The Windows SChannel error state is 552."
I have tried googling the problem and have come up empty.
CloudPath has told our security admin that our university seems to be the
only one having this issue.
Makes me wonder if our certs are being generated with incorrect settings for
Windows 8 and Windows 10.
What algorithm and key length are you using?
Any suggestions?
Kevin McCormick
uTech Network Services
Western Illinois University
**********
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.