MasterRacker
New member
Can anyone point me to a "Certificate Services for the Braindead" writeup? So far, everything I've found is very generic and essentially useless. I'm especially interested in the certificates for "secure wireless". I haven't found anything yet at the level of specifically saying "do xxx with your CA, then do yyy with your RADIUS server..."
Here's the scenario I'm dealing with:
Last week we ran into an issue where our secured wireless went down due to a certificate expiring that didn’t automatically renew. After some digging, we discovered that we have a CA running an a soon to be decommissioned server that used to be our Exchange server. We fumbled around for a while and managed to create a new certificate and re-issue it to the failed requests. This got our wireless working again eventually. Even today it's still flaky. I've determined that a laptop that won't connect has to be connected to the LAN wired, then left for a few hours to pick up the new certificate. Then it can log in wirelessly again. We think the CA server was set up by a long gone consultant in 2008. Our wireless infrastructure is Ubiquiti Unify APs and a Windows RADIUS server.
I'm setting up a new CA on a new server but am lost on exactly what kind of certs to create, how they deploy, how to make sure they're used in all the right places, etc. before turning off the old server.
Thanks
Jeff
[small][purple]It's never too early to begin preparing for [/purple]International Talk Like a Pirate Day
"The software I buy sucks, The software I write sucks. It's time to give up and have a beer..." - Me[/small]
Here's the scenario I'm dealing with:
Last week we ran into an issue where our secured wireless went down due to a certificate expiring that didn’t automatically renew. After some digging, we discovered that we have a CA running an a soon to be decommissioned server that used to be our Exchange server. We fumbled around for a while and managed to create a new certificate and re-issue it to the failed requests. This got our wireless working again eventually. Even today it's still flaky. I've determined that a laptop that won't connect has to be connected to the LAN wired, then left for a few hours to pick up the new certificate. Then it can log in wirelessly again. We think the CA server was set up by a long gone consultant in 2008. Our wireless infrastructure is Ubiquiti Unify APs and a Windows RADIUS server.
I'm setting up a new CA on a new server but am lost on exactly what kind of certs to create, how they deploy, how to make sure they're used in all the right places, etc. before turning off the old server.
Thanks
Jeff
[small][purple]It's never too early to begin preparing for [/purple]International Talk Like a Pirate Day
"The software I buy sucks, The software I write sucks. It's time to give up and have a beer..." - Me[/small]
