82
By looking at each certificate’s “Issuer” and “Subject” fields, we can determine what is Jetdirect is
seeing. Since “ias.example.internal” is the Authentication Server certificate and its common name is
shown as “ias.example.internal”, we know that the Server ID needs to be configured correctly to
handle that value. The “Issuer” of this certificate is R2.example.internal. Jetdirect needs to have the
public key certificate of R2 in order to verify the signature on ias.example.internal. The
Authentication Server also sends back the R2.example.internal certificate. This certificate is issued by
RootCA. Jetdirect also needs the RootCA public key certificate. This certificate, RootCA must be
configured on Jetdirect as the CA Certificate in order for the certificate chain to be verified.
These two situations are the most common type of issues that affect 802.1X configurations.
Client Authentication Problem
Assuming that everything went ok with Server Authentication, then client authentication is the next
area where there could be problems. For EAP-TLS, the client sends a certificate to authenticate while
in PEAP, a username/password is sent using a different protocol to authenticate the client. In both
cases, the certificate or the username/password must be mapped to an account that is granted
access. Let’s look at an EAP-TLS client authentication problem.
To Next Page
Loading...
Need help?
General
