Using Third-Party CAs for Wireless Authentication

You can use third-party CAs to issue certificates for wireless access as long as the certificates installed can be validated and have the appropriate properties.

Certificates on IAS Servers

For the computer certificates installed on the IAS servers, the following must be true:

  • They must be installed in the Local Computer certificate store.

  • They must have a corresponding private key. When you view the properties of the certificate, you should see the text "You Have a Private Key That Corresponds To This Certificate" on the General tab.

  • The cryptographic service provider for the certificates must support SChannel (Secure Channel). If it does not, the IAS server cannot use the certificate, and the certificate cannot be selected in the properties of the Smart Card Or Other Certificate EAP type on the Authentication tab of the profile properties for a remote access policy.

  • They must contain the Server Authentication EKU. The OID for Server Authentication is 1.3.6.1.5.5.7.3.1.

  • They must contain the FQDN of the computer account of the IAS server computer in the Subject Alternative Name field.

Additionally, the root CA certificates for the issuing CAs of the wireless client computer and user certificates must be installed in the Certificates (Local Computer)\Trusted Root Certification Authorities\Certificates folder.

Certificates on Wireless Client Computers

For the user and computer certificates installed on wireless client computers, the following must be true:

  • They must have a corresponding private key.

  • They must contain the Client Authentication EKU (OID 1.3.6.1.5.5.7.3.2).

  • Computer certificates must be installed in the Local Computer certificate store.

  • Computer certificates must contain the FQDN of the wireless client computer account in the Subject Alternative Name field.

  • User certificates must be installed in the Current User certificate store.

  • User certificates must contain the UPN of the user account in the Subject Alternative Name field.

Additionally, the root CA certificates of the issuing CAs of the IAS server computer certificates must be installed in the Certificates (Local Computer)\Trusted Root Certification Authorities\Certificates folder.
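
The private key, EKU, and Subject Alternative Name requirements listed above for both IAS servers and wireless clients can be checked from PowerShell on a current Windows system. The following is an added example, not code from the book; it does not test SChannel support in the cryptographic service provider or the root CA trust on the peer. The function name Test-WirelessCert, the Personal (My) store paths, and the names ias01.example.com and user@example.com are assumptions.

```powershell
# Added example, not from the book. Function name and sample names are hypothetical.
function Test-WirelessCert {
    param(
        [Parameter(Mandatory)] [string] $StorePath,    # certificate store to inspect
        [Parameter(Mandatory)] [string] $EkuOid,       # required EKU OID
        [Parameter(Mandatory)] [string] $ExpectedName  # FQDN or UPN expected in the SAN
    )
    Get-ChildItem -Path $StorePath | ForEach-Object {
        $cert = $_

        # Collect the OIDs listed in the Enhanced Key Usage extension, if present.
        $ekuOids = @($cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } |
            ForEach-Object { $_.Value })

        # Subject Alternative Name extension (OID 2.5.29.17). On Windows, Format()
        # renders entries as "label=value" separated by commas; the labels are
        # localized, so only the values after the last "=" are compared.
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' } |
            Select-Object -First 1
        $sanValues = @()
        if ($san) {
            $sanValues = @($san.Format($false) -split ',\s*' |
                ForEach-Object { ($_ -split '=')[-1].Trim() })
        }

        # One result row per certificate; every column should be True for a usable one.
        [pscustomobject]@{
            Subject       = $cert.Subject
            Thumbprint    = $cert.Thumbprint
            HasPrivateKey = $cert.HasPrivateKey
            HasEku        = $ekuOids -contains $EkuOid
            SanHasName    = $sanValues -contains $ExpectedName
        }
    }
}

# IAS server: Server Authentication EKU and the server FQDN in the SAN.
Test-WirelessCert -StorePath Cert:\LocalMachine\My -EkuOid '1.3.6.1.5.5.7.3.1' -ExpectedName 'ias01.example.com'

# Wireless client user certificate: Client Authentication EKU and the UPN in the SAN.
Test-WirelessCert -StorePath Cert:\CurrentUser\My -EkuOid '1.3.6.1.5.5.7.3.2' -ExpectedName 'user@example.com'
```

A third-party certificate that shows False in any column fails one of the listed requirements and should be reissued with the missing property before deployment.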



Deploying Secure 802.11 Wireless Networks with Microsoft Windows
ISBN: 0735619395
EAN: 2147483647
Year: 2000
Pages: 123
Authors: Joseph Davies
