1

I'm trying to connect Windows 7 machine to my wireless network secured with WPA2-Enterprise PEAP. PEAP uses server authentication so I have created root CA named FesbCA on my Windows server 2008 R2 and with it I signed root.fesb.hr certificate which is used for server authentication.

On Windows 7 client machine root CA FesbCA is imported to Trusted Root Certification Authorities and that should make root.fesb.hr valid certificate.

Than why do I still get the certificate error when trying to connect to wireless network?

Here is reference image with error.

Ivan Macek
  • 143
  • 1
  • 1
  • 6
  • Does the NPS server (root) have FesbCA's certificate in its store as well? BTW, I think some are being misled by the names of your servers. Typically, in a PKI the root is the self-signed root CA. In this case, root.fesb.hr is simply a RADIUS box and FesbCA is the root CA correct? – Paul Ackerman Feb 06 '12 at 13:20

1 Answers1

1

Export the root certificate from the CA (FesbCA) and import it to the Trusted Root Certification Authority store

Mathias R. Jessen
  • 25,161
  • 4
  • 63
  • 95
  • I did that, notice the second paragraph: "On Windows 7 client machine root CA FesbCA is imported to Trusted Root Certification Authorities and that should make root.fesb.hr valid certificate." – Ivan Macek Jan 09 '12 at 15:15
  • In the current user store or in the computer account store? If you open up the Certificates mmc snap-in for "My Account" and find the root.fesb.hr certificate, and double click it, what does it state under the "Details" tab? Can it locate the chain in its entirety? – Mathias R. Jessen Jan 09 '12 at 21:02
  • There isn't **root.fesb.hr** there is only **FesbCA** _My User Account_ certification store. Certification chain is: **FesbCA -> root.fesb.hr**. – Ivan Macek Jan 10 '12 at 00:32