Can't find valid certificate

[Andrew]

I'm having a problem authenticating with 802.1x over EAP-TLS. There error
I'm getting is 798, which means that a certificate could not be found that
can be used with that Extensible Authentication Protocol (EAP). If I look
at my certificates, I see one in my personal cert store that has the Client
Authentication privledge, so I know it's there (it also let me log onto my
machine with it.)

Can anyone offer troubleshooting advice on things I could do to pinpoint the
problem? Would using Certutil.exe be helpful or is there any way to verify
that the certificate I'm seeing is actually valid and able to be used with
EAP-TLS?

Thanks,
Andrew

 

[Steven L Umbach]

A couple things to check is that the IAS server trusts the issuing CA for
that user certificate, that the certificate is valid [check the valid
dates], and check the logs of the IAS server to see if anything helpful is
recorded there. I would also try requesting a new user certificate also to
see if that works or not. Also check the authentication properties of the
wireless connection and make sure that you have the correct selection for
"when connecting" - use a smart card or use a certificate and try enabling
or disabling use simple certificate selection to see if that makes a
difference or not. --- Steve

 

[Andrew]

Thanks Steve. Turns out the cert was just fine. I ended up solving the
problem by enabling notifications in the Network properties panel. Weird,
eh? By having that deselected it wasn't asking me for the smartcard PIN and
was keeping 802.1x from authenticating. I think they should rename that
checkbox to something more clear. Instead of "Show icon in notification
area when connected" maybe it should say "Enable network connection
notifications "

A couple things to check is that the IAS server trusts the issuing CA for
that user certificate, that the certificate is valid [check the valid
dates], and check the logs of the IAS server to see if anything helpful is
recorded there. I would also try requesting a new user certificate also to
see if that works or not. Also check the authentication properties of the
wireless connection and make sure that you have the correct selection for
"when connecting" - use a smart card or use a certificate and try enabling
or disabling use simple certificate selection to see if that makes a
difference or not. --- Steve

I'm having a problem authenticating with 802.1x over EAP-TLS. There error
I'm getting is 798, which means that a certificate could not be found that
can be used with that Extensible Authentication Protocol (EAP). If I look
at my certificates, I see one in my personal cert store that has the
Client
Authentication privledge, so I know it's there (it also let me log onto my
machine with it.)

Can anyone offer troubleshooting advice on things I could do to pinpoint
the
problem? Would using Certutil.exe be helpful or is there any way to
verify
that the certificate I'm seeing is actually valid and able to be used with
EAP-TLS?

Thanks,
Andrew

 

[Steven L Umbach]

That is weird and never occurred to me as a possibility and I have read a
lot of docs on wireless 802.1X. Great job in tracking that down and thanks
for reporting back what you found. It might save many others grief when they
are trying to figure out the same problem as they search newsgroup
osts. --- Steve

Thanks Steve. Turns out the cert was just fine. I ended up solving the
problem by enabling notifications in the Network properties panel. Weird,
eh? By having that deselected it wasn't asking me for the smartcard PIN
and
was keeping 802.1x from authenticating. I think they should rename that
checkbox to something more clear. Instead of "Show icon in notification
area when connected" maybe it should say "Enable network connection
notifications "

A couple things to check is that the IAS server trusts the issuing CA for
that user certificate, that the certificate is valid [check the valid
dates], and check the logs of the IAS server to see if anything helpful
is
recorded there. I would also try requesting a new user certificate also
to
see if that works or not. Also check the authentication properties of the
wireless connection and make sure that you have the correct selection for
"when connecting" - use a smart card or use a certificate and try
enabling
or disabling use simple certificate selection to see if that makes a
difference or not. --- Steve

I'm having a problem authenticating with 802.1x over EAP-TLS. There error
I'm getting is 798, which means that a certificate could not be found that
can be used with that Extensible Authentication Protocol (EAP). If I look
at my certificates, I see one in my personal cert store that has the
Client
Authentication privledge, so I know it's there (it also let me log onto my
machine with it.)

Can anyone offer troubleshooting advice on things I could do to
pinpoint
the
problem? Would using Certutil.exe be helpful or is there any way to
verify
that the certificate I'm seeing is actually valid and able to be used with
EAP-TLS?

Thanks,
Andrew