EAP-TLS with a standalone CA

[izael]

Hi, is it posible to implement EAP-TLS with a Microsoft standalone CA?

I´m trying to implement EAP-TLS wireless authetication, I´m using
microsoft IAS server, a Root Standalone microsoft 2000 Certification
Authority, and microsoft winXP, but the certificates issued by the CA
server to the clients seems not being validated by the IAS server...
Has anybody implement EAP-TLS with a microsoft Standalone
certification authority?, what characteristics should the certificate
have?

thanks

 

[David Cross [MS]]

I am not an expert on config EAP-TLS, but the trick with a standalone CA is
that it must be trusted as a root on the IAS server (not automatic with
standalone and I believe it must be also in the NTAuth store). IN some ways
using a standalone CA is like using a third party CA in that it must be
manually trusted in AD, etc.

How to Import a Third-Party Certificate into the NTAuth Store (Q295663):
http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q295663

Q321051 Enabling LDAP over SSL with Third-Party CAs
http://kbtools/PreviewWEB/PreviewQ.asp?Q=321051 &TypeID=1&ID=10

 

[Brian Komar]

Hi, is it posible to implement EAP-TLS with a Microsoft standalone CA?

I´m trying to implement EAP-TLS wireless authetication, I´m using
microsoft IAS server, a Root Standalone microsoft 2000 Certification
Authority, and microsoft winXP, but the certificates issued by the CA
server to the clients seems not being validated by the IAS server...
Has anybody implement EAP-TLS with a microsoft Standalone
certification authority?, what characteristics should the certificate
have?

thanks

Izael,

It can be done, but you will need to have Active Directory running,
which would really warrant using an enterprise CA.

What you must do is use certreq.exe and a customized inf file to place
the required information in the certificate if you use a standalone CA.

Brian