Server2000, IAS PEAP cannot find certificate

Discussion in 'Wireless Networking' started by andrew.juniper@red-m.com, Jul 15, 2005.

  1. Guest

    Hi,

    I'm having problems configuring a Windows 2000 Server IAS for PEAP.

    Whenever I click the "Configuration" button to configure PEAP when
    configuring the remote access policy, I get the error "A certificate
    could not be found that can be used with the Extensible Authentication
    Protocol".

    Now I have tried installing a number of certificates into the machine
    local store (with the corresponding CA certificate in the Trusted Root
    CAs store) to no avail.

    I have tried certificates with CN=hostname and CN=<FQDN> in the Subject
    of the certificate. All certificates have the correct Server Auth OID
    in the EKU. The certificates have been imported with make private keys
    exportable checked.

    I have tried this with a test Server 2003 box and this works fine
    (which incidentally does not seem to check the content of the CN
    field). And I have exported good certificates with their private keys
    from this box to the 2000 box and these don't work either.

    I have also tried the process detailed in the MS Knowledge Base article
    295663 (How to import third-party certification authority (CA)
    certificates into the Enterprise NTAuth store) and this doesn't help
    either.

    How can I find out what IAS does not like about my certificates?

    thanks,
    Andy
     
    , Jul 15, 2005
    #1
    1. Advertising

  2. Mark Gamache Guest

    Try looking here
    http://www.microsoft.com/technet/pr...61c9-a870-4627-a8f2-148625fd7fba.mspx?pf=true

    You've covered the server OID in the EKU. Check the section on server
    requirements. Verify the CSP and SAN. Those are often overlooked.

    What certificate template are you using? Does the CRL chain correctly?

    Hopefully that helps.

    --
    Mark Gamache
    Certified Security Solutions
    http://www.css-security.com



    <> wrote in message
    news:...
    > Hi,
    >
    > I'm having problems configuring a Windows 2000 Server IAS for PEAP.
    >
    > Whenever I click the "Configuration" button to configure PEAP when
    > configuring the remote access policy, I get the error "A certificate
    > could not be found that can be used with the Extensible Authentication
    > Protocol".
    >
    > Now I have tried installing a number of certificates into the machine
    > local store (with the corresponding CA certificate in the Trusted Root
    > CAs store) to no avail.
    >
    > I have tried certificates with CN=hostname and CN=<FQDN> in the Subject
    > of the certificate. All certificates have the correct Server Auth OID
    > in the EKU. The certificates have been imported with make private keys
    > exportable checked.
    >
    > I have tried this with a test Server 2003 box and this works fine
    > (which incidentally does not seem to check the content of the CN
    > field). And I have exported good certificates with their private keys
    > from this box to the 2000 box and these don't work either.
    >
    > I have also tried the process detailed in the MS Knowledge Base article
    > 295663 (How to import third-party certification authority (CA)
    > certificates into the Enterprise NTAuth store) and this doesn't help
    > either.
    >
    > How can I find out what IAS does not like about my certificates?
    >
    > thanks,
    > Andy
    >
     
    Mark Gamache, Jul 15, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. maTT

    PEAP and IAS and Standalone CA

    maTT, Jun 6, 2005, in forum: Wireless Networking
    Replies:
    1
    Views:
    713
    kapil [MSFT]
    Jun 6, 2005
  2. Wil
    Replies:
    3
    Views:
    4,559
    SecPer
    Nov 18, 2008
  3. jester
    Replies:
    1
    Views:
    1,781
    Vivek
    Dec 20, 2005
  4. M C
    Replies:
    0
    Views:
    702
  5. =?Utf-8?B?RGVsb24=?=

    How to uninstall Cisco PEAP supplicant to use XP default PEAP

    =?Utf-8?B?RGVsb24=?=, May 25, 2007, in forum: Wireless Networking
    Replies:
    0
    Views:
    928
    =?Utf-8?B?RGVsb24=?=
    May 25, 2007
Loading...

Share This Page