EAP-TLS 'Validate Server Certificate'

[Guest]

I am currently trying to test an architecture with EAP-TLS authenticating
Windows XP and CE wireless clients.
On my Windows XP (with SP2); when I have a wireless group policy which has
the 'Validate Server Certificate' checked, the client fails to authenticate!.
This, inspite of the fact that the Enterprise root CA shows up in the list on
the client and is checked (or unchecked, I've tried both).
For some odd reason, I am beginning to think this has something to do with
the certificate itself.
I came across this KB artile
http://support.microsoft.com/default.aspx?scid=kb;en-us;814394
There issomething in the server certificate requirements section that I am
unable to understand.
1. Name in the subject line of the server certifidcate matches the name that
is configured on teh client for connection (???)
Does this mean that my SSID should be the same as the subject name of the
certificate (?)
Does anyone have more information on this? I have my server certificate
configured exactly according to the "Securing wireless LANs with Certificate
Services" documentation.

Thanks,
--Vasu.

 

[Guest]

Sorry about the confusion. I figured it out! I had missed the step of
configuring the subject name of the certificate. This has to be set to CN as
stated in the "Securing wireless LANs with Certificate Services". (Step 4,
Page 113 of the build guide)
Once I did that the client successfully authenticated and life is good.

Thanks,
--Vasu.