802.1x Cert Renewal Not Overwriting Old Cert - Technicalhelp: A Flexible Computing Service

Tagged: 802.1x

This topic has 21 replies, 6 voices, and was last updated 2 years, 11 months ago by brian1020.

Viewing 7 posts - 16 through 22 (of 22 total)

← 1 2

Author

Posts
May 16, 2021 at 1:24 pm #105381
ConfGen
Keymaster
- Total Post: 10696
- Jedi Master
Why should it renew the cert? Is it expired?
It will earliest renew a cert if the life time is half way done.

CG
May 16, 2021 at 1:29 pm #105382
kghare
Participant
- Total Post: 6
- Newbie
yes, the expiry was set to 1 year and now its almost near to the expiry.
May 16, 2021 at 1:52 pm #105383
ConfGen
Keymaster
- Total Post: 10696
- Jedi Master
Are you still using WMS 1.4?
WMS, wnos.ini or WMS Advanced section?
ThinOS 8 or 9?
Post your config.

CG
May 16, 2021 at 2:36 pm #105384
kghare
Participant
- Total Post: 6
- Newbie
I am using WMS 1.4, thinOs 8. below are the configurations I used

INI:

ScepAutoEnroll=yes \
AutoRenew=yes \
CommonName=$TN Organization=WyseDevice \
KeyUsage=digitalSignature;keyEncipherment \
KeyLength=2048 \
RequestURL=pki.***/certsrv/mscep/mscep.dll \
CACertHashType=MD5 \
CACertHash=0B***F \
ScepAdminURL=pki.***/certsrv/mscep_admin \
ScepUser=_svc_wysedevicejoin \
ScepUserDomain= ****\
ScepUserPwd=**** \
IEEE8021X=yes network=wired access=WPA-ENT ServerValidate=yes eap=yes eaptype=EAP-TLS tlsclntcert=$TN.pfx tlsauthtype=machine \
subAltName=$TN
May 17, 2021 at 6:09 pm #105386
jflemingSLR
Participant
- Total Post: 2
- Newbie
Hello All,

I was finally able to get it working correctly, by making sure the NDES services wasn’t running on the CA. Once I moved the role to its own server, the SCEP client renewed its certificate as expected.

The annoying part is SCEP works the first time with the NDES running on the CA but the renewal mechanism does not work. I even pointed the client I had auto-renew back to my original CA and it wouldn’t renew the cert. (I set the Cert to only have a 1 hour expiry during this test)

Hope this helps.
May 17, 2021 at 6:25 pm #105388
ConfGen
Keymaster
- Total Post: 10696
- Jedi Master
Thanks for letting us know.
I will add this to my PDF.

CG
May 17, 2021 at 11:28 pm #105390
brian1020
Participant
- Total Post: 259
- Jacked into The Matrix
That’s a great find and helpful for me to look at root cause between our old server and the new one we built that got this working.
Author

Posts

Viewing 7 posts - 16 through 22 (of 22 total)

← 1 2

You must be logged in to reply to this topic.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.