Hey Folks, a little help here, please.
I have a request to set in some workstations two different wireless profiles, both using 802.1x, but each one from a different environment:
Profile 1: My corporate wireless network, authenticating using a computer certificate issued by my internal CA (Enterprise)
Profile 2: External wireless network, also authenticating using a computer certificate issued by an external CA, validated by an NPS placed in an external environment with an AD that has no trust with my corporate one.
The certificates were issued and were imported into a test machine like below. Both are "Client Authentication" purpose.
Certificate 1: testcomputername.myinternaldomain.net
Certificate 2: testcomputername.externalenvironment.net
Results:
Profile 1 working fine, I am able to connect into my internal wireless
Profile 2 is not working because, as far as I can see in the logs, it is using certificate 1 from my internal CA
Question 1: What criteria does Windows use to choose between two certificates with the same purpose where the only difference is the subject and subject alternative name?
Question 2: How to force a wireless profile to use a specific computer certificate?
Note: If I issue two exactly equal certificates, I see that the newest one is used in the logs.
Note 2: If I delete the certificate from my internal CA, leaving only the computer certificate from the external CA that manages the authentication for Profile 2, Profile 2 works fine. Obviously, Profile 1 stops working because I don't have my internal computer certificate anymore.
Tks in advance for any help.
Rafael Machado
Help improve search efficiency: if this was useful, rate it. {http://rafaelcmachado.spaces.live.com} Rafael Carneiro Machado