Error "one of the CA certificates is not trusted by the policy provider"

 
 
Paul Barber
12-17-2003, 03:04 PM
I am trying to set up 802.1x authentication for a wireless
LAN rollout using 802.1x with Windows 2003 server running
IAS and a Stand-Alone CA.

To be clear, I am using the same Windows 2003 server as
both an IAS server and stand-alone certificate authority.

I installed a computer certificate for IAS on the server,
requesting a Server Authentication certificate and "RSA
SChannel" for the CSP option, storing the cert in the
local computer certificate store.

In IAS, I set up a Wireless remote access policy via the
wizard. I chose "Smart card or other certificate" for an
EAP Provider. Editing that provider selection allows me
to verify that it's using the aforementioned server
authentication certificate.

The wireless access point is set up to use this server as
the RADIUS server.

On the client, I plugged in to the wired LAN and requested
a client authentication certificate, leaving every option
at the default. When I installed that certificate, I was
prompted to add the Windows 2003 server to my Trusted Root
store, which I approved. I then unplugged from the wired
LAN and plugged in my wireless adapter (for which I've
already loaded the drivers and configured for 802.1x).
I'm prompted to choose a certificate to use for the
connection. I then select the Client Authentication
certificate, the network connection quickly shows a status
of "Validating Identity" and then I'm prompted to select
the certificate again.

On the server's event viewer, for IAS I get a single error
per attempt: "A certification chain processed correctly,
but one of the CA certificates is not trusted by the
policy provider."

I'm assuming that the Root CA certificate is the one I
find on the CA itself, issued by itself, to itself and
valid for "All issuance policies" and "All application
policies". I've tried installing that certificate in the
user and computer "Trusted Root Certification Authorities"
on the client and the server, to no avail.

Which machine is not trusting the CA certificate, the
server or the client? What piece am I missing?


 
 
 
 
 
Mark Ciccarello
12-21-2003, 05:43 PM

Paul -

I'm pursuing something very similar in
microsoft.public.internet.radius. See the discussion
there. It may help you.

Mark



>-----Original Message-----
>I am trying to set up 802.1x authentication for a wireless
>LAN rollout using 802.1x with Windows 2003 server running
>IAS and a Stand-Alone CA.
>
>To be clear, I am using the same Windows 2003 server as
>both an IAS server and stand-alone certificate authority.
>
>I installed a computer certificate for IAS on the server,
>requesting a Server Authentication certificate and "RSA
>SChannel" for the CSP option, storing the cert in the
>local computer certificate store.
>
>In IAS, I set up a Wireless remote access policy via the
>wizard. I chose "Smart card or other certificate" for an
>EAP Provider. Editing that provider selection allows me
>to verify that it's using the aforementioned server
>authentication certificate.
>
>The wireless access point is set up to use this server as
>the RADIUS server.
>
>On the client, I plugged in to the wired LAN and requested
>a client authentication certificate, leaving every option
>at the default. When I installed that certificate, I was
>prompted to add the Windows 2003 server to my Trusted Root
>store, which I approved. I then unplugged from the wired
>LAN and plugged in my wireless adapter (for which I've
>already loaded the drivers and configured for 802.1x).
>I'm prompted to choose a certificate to use for the
>connection. I then select the Client Authentication
>certificate, the network connection quickly shows a status
>of "Validating Identity" and then I'm prompted to select
>the certificate again.
>
>On the server's event viewer, for IAS I get a single error
>per attempt: "A certification chain processed correctly,
>but one of the CA certificates is not trusted by the
>policy provider."
>
>I'm assuming that the Root CA certificate is the one I
>find on the CA itself, issued by itself, to itself and
>valid for "All issuance policies" and "All application
>policies". I've tried installing that certificate in the
>user and computer "Trusted Root Certification Authorities"
>on the client and the server, to no avail.
>
>Which machine is not trusting the CA certificate, the
>server or the client? What piece am I missing?

 