G
Guest
Guest
Archived from groups: microsoft.public.windows.networking.wireless (More info?)
Hi all, (especially Microsoft)
We currently try to integrate our Smart Card to be used in Wireless EAP-TLS
authentication.
Our Smart Card is currently is used for Microsoft Windows Certificate Logon.
To support the EAP-TLS, we add Client Authentication to the Extended Key
Usage (EKU).
But we are failed. The Microsoft complain the "Windows was unable to find a
certificate to log you on the network XXXX".
Upon this error, we are trying to use certificate from Certificate Store.
Certificate #1:
EKU=Client Authentication
Key Usage=Digital Signature, keyEncipherment, keyAgreement
MS Windows do not complain when we are using Certificate#1.
We delete Certificate#1 from Certificate store and import Certificate# 2.
Certifcate #2:
EKU=Client Authentication, Smart Card Logon
Key Usage=Digital Signature, keyEncipherment, keyAgreement
And ha ha ......
The MS Windows complain "Windows was unable to find a certificate to log you
on the network XXXX".
Why does the Smart Card Logon on EKU make the EAP-TLS failed ?
We need to this two EKU on one Certificate because currently Microsoft
called our CSP using "default container" for Smart Card Logon and EAP-TLS.
And we cannot differentiate who is actually calling our CSP.
Has anyone face this problem before ?
Can someone from Microsoft confirm about this problem ?
Thank in advance for any help or idea......
Rudy
Hi all, (especially Microsoft)
We currently try to integrate our Smart Card to be used in Wireless EAP-TLS
authentication.
Our Smart Card is currently is used for Microsoft Windows Certificate Logon.
To support the EAP-TLS, we add Client Authentication to the Extended Key
Usage (EKU).
But we are failed. The Microsoft complain the "Windows was unable to find a
certificate to log you on the network XXXX".
Upon this error, we are trying to use certificate from Certificate Store.
Certificate #1:
EKU=Client Authentication
Key Usage=Digital Signature, keyEncipherment, keyAgreement
MS Windows do not complain when we are using Certificate#1.
We delete Certificate#1 from Certificate store and import Certificate# 2.
Certifcate #2:
EKU=Client Authentication, Smart Card Logon
Key Usage=Digital Signature, keyEncipherment, keyAgreement
And ha ha ......
The MS Windows complain "Windows was unable to find a certificate to log you
on the network XXXX".
Why does the Smart Card Logon on EKU make the EAP-TLS failed ?
We need to this two EKU on one Certificate because currently Microsoft
called our CSP using "default container" for Smart Card Logon and EAP-TLS.
And we cannot differentiate who is actually calling our CSP.
Has anyone face this problem before ?
Can someone from Microsoft confirm about this problem ?
Thank in advance for any help or idea......
Rudy