Incantation required for AD CS to generate compatible client cert? #82
Hi, I haven't tried to use certificates generated by ADCS with openwec yet so I don't have an out-of-the-box solution. However, there are a few places where you should find some clues about what is going on:
PS: By the way, if you are in an Active Directory environment, you may want to consider using Kerberos authentication which is much easier to deploy and to maintain.
Thanks, I will go hunting. (I really don't think it's an authentication error - I fought through enough of those on the way here!) (The reason I chose to use certificates was that not everything is domain joined.)
Examining the certs generated by OpenSSL vs ADCS, I noticed a disagreement in the X509v3 key usage attributes: HTH anyone else attempting to deal with this!
@a139786: I guess both certificates should work as long as they have the
I did - the OpenSSL cert worked (auth and traffic flowed). The ADCS cert had no auth error, but there was no traffic flow.
I've set up openwec using TLS and certs generated using the example scripts (thanks for the clear and comprehensive docs); however, I have some boxes which are autoenrolled in AD CS. I've managed to have these boxes connect to the wec and mutually auth without error, however I never see Event ID 100 (The subscription my-test-subscription is created successfully). I was wondering if anyone can help me generate a compatible key and cert pair through AD CS and what settings specifically are required.