Hi
We recently implemented a new two-tier Certificate Authority to replace our old one-tier CA.
Everything seems to be working with the new CA: servers and clients have the Root CA and Issuing CA in the correct stores, and the certificates issued show no errors and appear valid.
The problem is wireless security (EAP-TLS) and client certificates. Both Cisco ACS and MS NPS refuse to allow clients to connect using certificates issued by the new CA, even if we use the same certificate template as before. If we enroll from the old CA, everything works fine…
Both the client and the NPS server have the new Root CA under “Trusted Root Certificate Authorities” and the issuing CA under “Intermediate Certification Authorities”.
Are there any limitations for EAP-TLS (key length for the Root CA, spaces in CA names and so on)?
Our root cert has a 4096 key length and the CA name contains spaces.
Thomas Larsen