Occasional Contributor I
Posts: 6
Registered: ‎08-05-2014

Error code 265: The certificate chain was issued by an authority that is not trusted.

We are in the process of trying to set up a wireless network that uses NPS servers to authenticate domain users with computers that are not on our domain (BYOD).

We are using a valid, wildcard SSL (with intermediate certificates) to authenticate via PEAP. The certificate was issued by GoDaddy.

When trying to connect, we are getting the authentication request.

The result of a connection attempt is no connection with an event log error code of - “265: The certificate chain was issued by an authority that is not trusted.”

We have tried ensuring that the certificates are in the correct containers on the respective NPS servers: “Certificates\Personal\Certificates”

With the intermediate certificates located: “Certificates/Intermediate Certification Authorities”

All these attempts have proven fruitless. Any assistance or direction would be very much appreciated.

Guru Elite
Posts: 8,456
Registered: ‎09-08-2010

Re: Error code 265: The certificate chain was issued by an authority that is not trusted.

You should not use wildcard certificates as a RADIUS certificate.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I
Posts: 6
Registered: ‎08-05-2014

Re: Error code 265: The certificate chain was issued by an authority that is not trusted.

Thank you for your speedy reply.

Are you familiar with any documentation that indicates such? I ask only because I am going to be asked to justify the need for 4 new, independent SSL certs. I would need to present why using a wildcard will not work.

Many kind thanks,

~Bill

Guru Elite
Posts: 8,456
Registered: ‎09-08-2010

Re: Error code 265: The certificate chain was issued by an authority that is not trusted.

Don't have any formal documentation, but Windows clients will refuse a wildcard RADIUS server certificate (as they should; wildcard certs are a security nightmare).

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 4,269
Registered: ‎07-20-2011

Re: Error code 265: The certificate chain was issued by an authority that is not trusted.


Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor I
Posts: 6
Registered: ‎08-05-2014

Re: Error code 265: The certificate chain was issued by an authority that is not trusted.


victorfabian wrote:
Is this for Windows devices?

Yes sir.

Occasional Contributor I
Posts: 6
Registered: ‎08-05-2014

Re: Error code 265: The certificate chain was issued by an authority that is not trusted.

Forgive my ignorance here: It was my original intent to use individual SSLs, but I found that I couldn't find the proper place to generate the CSR, as these NPS servers don't have IIS configured as a role.

Do I need to configure IIS and generate the CSR there? Is there a more appropriate place from which I should generate the CSR? I don't seem to have any luck finding documentation on this particular issue.

Thank you for all your willingness to help.

Guru Elite
Posts: 8,456
Registered: ‎09-08-2010

Re: Error code 265: The certificate chain was issued by an authority that is not trusted.

You can generate a CSR on any server with either IIS or OpenSSL. Just be sure to export the private key along with the cert so you can import it on the NPS server. You can use the same cert on all of your NPS boxes.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I
Posts: 6
Registered: ‎08-05-2014

Re: Error code 265: The certificate chain was issued by an authority that is not trusted.

Again, many thanks for your helpfulness.

GoDaddy always includes an intermediate certificate. Is it necessary to export/import that one, as well? If so, what certificate container does it need to go into?

Much appreciated,

~Bill

Guru Elite
Posts: 8,456
Registered: ‎09-08-2010

Re: Error code 265: The certificate chain was issued by an authority that is not trusted.

If the NPS server doesn't already have the intermediate cert, you would install it on the NPS server in the intermediate cert store.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
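
The OpenSSL route suggested in the thread, as an added example that is not part of the original posts: it requests a certificate for one exact NPS host name, refuses wildcard names, and bundles the issued certificate with its key and the intermediate for import on the NPS servers. The host name, the file names and the PFX_PASS variable are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example. nps01.example.com, the file names and PFX_PASS are placeholders.

# make_nps_csr FQDN OUTDIR -> OUTDIR/nps.key (private key) and OUTDIR/nps.csr
make_nps_csr() {
    fqdn=$1; outdir=$2
    # One exact host name only: per the thread, Windows clients refuse a
    # wildcard RADIUS server certificate.
    case "$fqdn" in
        *'*'*) echo "refusing wildcard name: $fqdn" >&2; return 1 ;;
    esac
    mkdir -p "$outdir" || return 1
    cat > "$outdir/nps.cnf" <<EOF
[ req ]
prompt             = no
distinguished_name = dn
req_extensions     = ext
[ dn ]
CN = $fqdn
[ ext ]
subjectAltName   = DNS:$fqdn
extendedKeyUsage = serverAuth
EOF
    # umask keeps the unencrypted key readable by its owner only.
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes -config "$outdir/nps.cnf" \
          -keyout "$outdir/nps.key" -out "$outdir/nps.csr" )
}

# csr_names CSR -> subject and SAN lines, for review before sending to the CA
csr_names() {
    openssl req -in "$1" -noout -text | grep -E 'Subject:|DNS:'
}

# csr_has_wildcard CSR -> exit 0 if any requested name contains '*'
csr_has_wildcard() {
    csr_names "$1" | grep -q '\*'
}

# make_pfx KEY CERT CHAIN OUT -> PKCS#12 bundle (key, issued cert, intermediates)
# for import on each NPS server. The password is read from $PFX_PASS.
make_pfx() {
    ( umask 077
      openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" \
          -out "$4" -passout env:PFX_PASS )
}
```

Run `make_nps_csr nps01.example.com ./out`, submit `out/nps.csr` to the CA, then call `make_pfx` with the issued certificate and the CA's intermediate file once they arrive.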