802.1x Radius Certificate Migration Doomsday…

Presentation transcript:

802.1x Radius Certificate Migration Doomsday… University of Denver Marcelo Lew CHECO Spring 2014

Chronology of Events

February 16, 2014, around noon: Information Security replaced our production Radius servers’ certificates, moving from Thawte to InCommon (Comodo). The thought was that this would be transparent to the end user.

Problem: the InCommon root certificate is not listed/installed in most systems by default as a “Trusted Root Certificate Authority”. So when users try connecting…

Users got the following error (Windows): MacOS had similar results.

Frustrated users, angry emails, hundreds of support tickets/incidents, etc.

How to prevent this?

If the certificate had been installed ahead of time, even if not trusted, then the error would have been:

By clicking the Continue button, the certificate would have been trusted and the connection formed.

Solution

We needed a way to quickly distribute this new root certificate to the clients and have it trusted by the system!

We re-coded our CloudPath XpressConnect software with the new certificate and had all users run it. There was a significant delay getting the new XPC working right because we used the wrong root certificate: the InCommon root is called AddTrust External CA Root (not the InCommon Root CA).

After running XpressConnect, this certificate now shows up in the Certificate Manager and EAP Properties for Windows and in the Keychain for MacOS.

Lessons Learned from Incident

Do not change Radius certs during academic session – plan ahead!
Know and understand when your Radius and web portal certs expire in your secure wireless environment.
Inform all IT Support Staff on this change.
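
An added example (not from the original slides) of the pre-change check that the chronology and lessons point to: confirm the replacement Radius certificate chains to a root clients already trust, name the root to distribute if it does not, and flag certificates close to expiry. It assumes the openssl command-line tool is available; every certificate, subject name and path is constructed for the demonstration.

```bash
#!/bin/sh
# Pre-migration check for a RADIUS server certificate (added example).
# Every subject name and file below is constructed for the demonstration.

# Build a constructed root CA and a server certificate signed by it.
make_demo_pki() {               # $1 = work dir, $2 = label, $3 = server days
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=Constructed $2 Root" \
        -keyout "$1/$2-root.key" -out "$1/$2-root.pem" 2>/dev/null
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=radius.example.edu" \
        -keyout "$1/$2-srv.key" -out "$1/$2-srv.csr" 2>/dev/null
    openssl x509 -req -in "$1/$2-srv.csr" -days "$3" -set_serial 1 \
        -CA "$1/$2-root.pem" -CAkey "$1/$2-root.key" \
        -out "$1/$2-srv.pem" 2>/dev/null
}

# True only if the chain (leaf first) verifies against the bundle standing
# for the roots client devices already trust. openssl may also consult its
# default CA directory; OpenSSL 1.1.0+ takes -no-CApath to prevent that.
chains_to_trusted_root() {      # $1 = chain file, $2 = client trust bundle
    openssl verify -CAfile "$2" -untrusted "$1" "$1" >/dev/null 2>&1
}

# Issuer of the last certificate in the presented chain, i.e. the name of
# the root that must be distributed to clients as a trust anchor.
top_issuer() {                  # $1 = chain file, leaf first
    openssl crl2pkcs7 -nocrl -certfile "$1" |
        openssl pkcs7 -print_certs -noout | grep '^issuer' | tail -n 1
}

# True if the certificate expires within the next $2 days.
expires_within_days() {         # $1 = cert, $2 = days
    ! openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

work=$(mktemp -d)
make_demo_pki "$work" old 30    # current cert; its root is on clients
make_demo_pki "$work" new 365   # replacement; root not yet distributed
cp "$work/old-root.pem" "$work/client-trust.pem"  # constructed baseline

for n in old new; do
    if chains_to_trusted_root "$work/$n-srv.pem" "$work/client-trust.pem"
    then echo "$n: chains to a root clients already trust"
    else echo "$n: clients lack the root: $(top_issuer "$work/$n-srv.pem")"
    fi
done
if expires_within_days "$work/old-srv.pem" 60
then echo "old: expires within 60 days, schedule the change now"; fi
```

Against a real deployment, the bundle would be an export of the trusted roots from a reference client image, and the chain file would be what the Radius server actually presents.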

Future @ DU

Device / identity certificates instead of cached user credentials?
Move the Radius function to an “Enrollment” type product? E.g.: CloudPath’s Enrollment System (ES), Aruba ClearPass, Cisco ISE.