The user or the computer certificate on the client chains to a trusted root CA. Or it maps to a user account or a computer account in the Active Directory directory service. The client certificate is issued by an enterprise certification authority (CA). With either EAP-TLS or PEAP with EAP-TLS, the server accepts the client's authentication when the certificate meets the following requirements: After these minimum requirements are met, both the client certificates and the server certificates must meet the following extra requirements. They must also meet the requirements for connections that use Secure Sockets Layer (SSL) encryption and Transport Level Security (TLS) encryption. Minimum certificate requirementsĪll certificates that are used for network access authentication must meet the requirements for X.509 certificates. For example, the object identifier for the Client Authentication purpose is 1.3.6.1.5.5.7.3.2. When certificates are used for authentication, the authenticator examines the client certificate and looks for the correct purpose object identifier in EKU extensions. Or, a certificate that's used for the authentication of a server must be configured with the Server Authentication purpose. For example, a certificate that's used for the authentication of a client to a server must be configured with the Client Authentication purpose. The certificate must be configured with one or more purposes in Extended Key Usage (EKU) extensions that match the certificate use. Certificates must meet specific requirements both on the server and on the client for successful authentication. When you use EAP with a strong EAP type, such as TLS with smart cards, or TLS with certificates, both the client and server use certificates to verify identities to each other. When you use Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) or Protected Extensible Authentication Protocol (PEAP) with EAP-TLS, your client and server certificates must meet certain requirements.Īpplies to: Windows 10 - all editions Original KB number: 814394 Summary
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |