[WLAN]Q&A: How to Deploy a CA Certificate Server?

Latest reply: May 28, 2021 18:48:40

When configuring 802.1X certificate authentication, you need to deploy a CA certificate server first. How do you deploy a CA certificate server?

Here's the answer.

  1. Open a browser and enter https://Server-IP/certsrv, where Server-IP indicates the IP address of the CA certificate server.

    If the following page is displayed after you log in with the AD domain administrator account and its password, the CA server is functioning properly. Otherwise, delete the CA component and then add it again.

  2. In Certification Authority, right-click the root certificate. In the displayed dialog box, click the Extensions tab and check the CDP and AIA extension fields.

    CDP: "Include in the CDP extension of issued certificates" must be selected for LDAP and HTTP.

    AIA: The two options in the red box must be selected for the OCSP URL.

  3. Open a browser and enter https://Server-IP/certsrv/mscep_admin, where Server-IP indicates the IP address of the CA certificate server.

    If the following page is displayed after you log in with the AD domain administrator account and its password, the SCEP and HTTPS settings are correct.

    If the page is displayed in HTTP mode but cannot be displayed in HTTPS mode, check whether HTTPS is bound to the certificate and whether the correct root certificate is selected. For the SSL certificate, select the certificate whose name is the same as the full computer name.

    If the page cannot be displayed in HTTP mode, check whether Network Device Enrollment Service is installed.

  4. The SCEP template must contain the Client Authentication field. Otherwise, end users may fail the authentication. If the SCEP template does not contain the Client Authentication field, correct the settings based on the video instruction.

  5. In the registry, set the SCEP template name and disable EnforcePassword.

    Find entries in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MSCEP, and set their values to the SCEP template name.

    Registry modification takes effect only after the operating system is restarted.

    Set EnforcePassword to 0.

  6. Check the permission settings in the SCEP and OCSP templates. If the settings are incorrect, correct them based on the video instruction.

  7. Check whether the SCEP and OCSP templates are issued. If SCEP and OCSP templates are not in the list, issue the templates based on the video instruction.

  8. Choose Start > Administrative Tools > Online Responder Management to check whether OCSP is in the working state. If not, delete ocsp_test and create it again based on the video instruction.

  9. The properties of the revocation configuration and the random number and signature of the Agile Controller-Campus must have the relationship shown in the following figure:

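For step 5, a read-only PowerShell check of the registry can confirm the settings before and after the restart. This is an added example, not part of the original post; the value names EncryptionTemplate, GeneralPurposeTemplate and SignatureTemplate and the EnforcePassword subkey are the standard NDES registry layout rather than names given in the post, and the template name you pass in is your own.

```powershell
# Added example: read-only audit of the NDES (SCEP) registry settings from step 5.
# $ExpectedTemplate is a placeholder; pass the SCEP template name used in your deployment.
param(
    [Parameter(Mandatory)]
    [string]$ExpectedTemplate
)

$mscepKey = 'HKLM:\SOFTWARE\Microsoft\Cryptography\MSCEP'
# The three values NDES reads to pick the certificate template for each request type.
$templateValues = 'EncryptionTemplate', 'GeneralPurposeTemplate', 'SignatureTemplate'

function Test-NdesRegistry {
    param([string]$Key, [string]$Template)

    if (-not (Test-Path -Path $Key)) {
        throw "Registry key $Key not found. Is Network Device Enrollment Service installed?"
    }

    $results = foreach ($name in $templateValues) {
        $actual = (Get-ItemProperty -Path $Key -Name $name -ErrorAction SilentlyContinue).$name
        [pscustomobject]@{
            Setting  = $name
            Actual   = $actual
            Expected = $Template
            Ok       = ($actual -eq $Template)
        }
    }

    # EnforcePassword lives in its own subkey; 0 means no challenge password is required.
    $epKey = Join-Path $Key 'EnforcePassword'
    $ep = (Get-ItemProperty -Path $epKey -Name 'EnforcePassword' -ErrorAction SilentlyContinue).EnforcePassword
    $results += [pscustomobject]@{
        Setting  = 'EnforcePassword'
        Actual   = $ep
        Expected = 0
        Ok       = ($ep -eq 0)
    }
    return $results
}

$report = Test-NdesRegistry -Key $mscepKey -Template $ExpectedTemplate
$report | Format-Table -AutoSize
if ($report.Ok -contains $false) {
    Write-Warning 'One or more settings differ from step 5. Registry changes apply only after a restart.'
    exit 1
}
```

With EnforcePassword at 0, NDES accepts enrollment requests without a challenge password, so access to the SCEP URL is the only gate on who can request a certificate from this template.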


Thanks for sharing

Great sharing

Good post

IndianKid
Moderator Author Created May 22, 2021 09:15:00

Thanks for the sharing. Really good one.

thanks
