Presentation is loading. Please wait.

Presentation is loading. Please wait.

802.1x Radius Certificate Migration Doomsday…

Published byDorothea Schreiber Modified over 5 years ago

Similar presentations

Presentation on theme: "802.1x Radius Certificate Migration Doomsday…"— Presentation transcript:

1 802.1x Radius Certificate Migration Doomsday…
University of Denver Marcelo Lew CHECO Spring 2014

2 Chronology of Events February 16, 2014 around noon. Information Security replaced our production Radius servers’ certificates from Thawte to Incommon (Comodo). The thought was that this would be transparent to the end user. Problem: Incommon Root Certificate is not listed/installed in most systems by default as a “Trusted Root Certificate Authority” So when users try connecting…

3 Users got the following error (Windows):
MacOS had similar results.

4 Frustrated users, angry emails, 100s of support tickets/Incidents etc..

5 How to prevent this? If the certificate would have been installed ahead of time, even not trusted, then the error would have been: By clicking the continue button the certificate would have been trusted and the connection formed.

6 Solution We needed a way to quickly distribute this new Root Certificate to the clients And have it trusted by the system! We re-coded our CloudPath XpressConnect software with the new certificate and had all users run it. There was a significant delay getting the new XPC working right due to using the wrong Incommon Root Certificate, which is called AddTrust External CA Root (not the Incommon Root CA). After running XpressConnect, this certificate now shows up in the Certificate Manager and EAP Properties for Windows and in the Keychain for MacOS.

7

8

9

10 Lessons Learned from Incident
Do not change Radius Certs during academic session – plan ahead! Know and understand when your Radius and web portal certs expire in your secure wireless environment Inform all IT Support Staff on this change.

11 Device / Identity Certificates Instead of cached User Credentials?
DU Device / Identity Certificates Instead of cached User Credentials? Move the Radius function to an “Enrollment” type product? EG: CloudPath’s Enrollment System (ES) Aruba ClearPass Cisco ICE

Download ppt "802.1x Radius Certificate Migration Doomsday…"

Similar presentations

Deploying and Managing Active Directory Certificate Services

Deploying and Managing Active Directory Certificate Services
Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.

Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
Module 10: Troubleshooting Network Access. Overview Troubleshooting Network Access Resources Troubleshooting LAN Authentication Troubleshooting Remote.

Module 10: Troubleshooting Network Access. Overview Troubleshooting Network Access Resources Troubleshooting LAN Authentication Troubleshooting Remote.
15.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 15: Configuring a Windows.

15.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 15: Configuring a Windows.
Intel Confidential 1 Configure PKI Web Server Certificates for each Management Controller.

Intel Confidential 1 Configure PKI Web Server Certificates for each Management Controller.
CA Key 1 Created OCSP Cert 1 Client Cert 1 Client Cert 2 OCSP Cert 2 CA Key 2 Created CA Key 1 Expiration OCSP Cert 3 Client Cert.

CA Key 1 Created OCSP Cert 1 Client Cert 1 Client Cert 2 OCSP Cert 2 CA Key 2 Created CA Key 1 Expiration OCSP Cert 3 Client Cert.
1 Integrating ISA Server and Exchange Server. 2 How email works.

1 Integrating ISA Server and Exchange Server. 2 How works.
Windows Phone 8 Windows Embedded 8 Handeld.

Windows Phone 8 Windows Embedded 8 Handeld.
RADIUS Secured and Authenticated WiFi Robert Leahy Charles Bodman Brandon Ellis.

RADIUS Secured and Authenticated WiFi Robert Leahy Charles Bodman Brandon Ellis.
PKI Network Authentication Dartmouth Applications Robert Brentrup Educause/Dartmouth PKI Summit July 27, 2005.

PKI Network Authentication Dartmouth Applications Robert Brentrup Educause/Dartmouth PKI Summit July 27, 2005.
Senior Technical Writer

Senior Technical Writer
Resource App Resource App Resource authorization server authorization endpoint token endpoint A A R.

Resource App Resource App Resource authorization server authorization endpoint token endpoint A A R.
Configuring Active Directory Certificate Services Lesson 13.

Configuring Active Directory Certificate Services Lesson 13.
Proxy servers By Akshit Y10. What is a proxy server O A proxy server is a computer that offers a computer network service to allow clients to make indirect.

Proxy servers By Akshit Y10. What is a proxy server O A proxy server is a computer that offers a computer network service to allow clients to make indirect.
Windows 2003 and 802.1x Secure Wireless Deployments.

Windows 2003 and 802.1x Secure Wireless Deployments.
Week #10 Objectives: Remote Access and Mobile Computing Configure Mobile Computer and Device Settings Configure Remote Desktop and Remote Assistance for.

Week #10 Objectives: Remote Access and Mobile Computing Configure Mobile Computer and Device Settings Configure Remote Desktop and Remote Assistance for.
Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 1 SAN Certificate in Unity Connection Presenter Name: Bhawna Goel.

Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 1 SAN Certificate in Unity Connection Presenter Name: Bhawna Goel.
Chapter 14: Remote Server Administration BAI617. Chapter Topics Configure Windows Server 2008 R2 servers for remote administration Remotely connect to.

Chapter 14: Remote Server Administration BAI617. Chapter Topics Configure Windows Server 2008 R2 servers for remote administration Remotely connect to.
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod9_L8 1 Network Security 2 Module 6 – Configure Remote Access VPN.

© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod9_L8 1 Network Security 2 Module 6 – Configure Remote Access VPN.

Similar presentations

Ads by Google