Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

SHA256

  • 1.  SHA256

    Posted May 31, 2018 09:06 AM

    Recently we upgraded all our internal CA servers to use SHA256 and renewed the root certs accordingly. When we changed the radius server to use the new root CA it breaks our 802.1X wireless network on campus. Opened a case with Aruba and they put it back to the old SHA1 and it is working now but we want to use SHA256 - anyone else make this change and what am I missing?



  • 2.  RE: SHA256

    EMPLOYEE
    Posted May 31, 2018 09:18 AM

    Do your clients already trust the new certificate?



  • 3.  RE: SHA256

    Posted May 31, 2018 09:23 AM

    Current SHA1 yes - I assume you will be presented with the trust option when I change the cert to SHA256 like we were with the SHA1. Is this correct?



  • 4.  RE: SHA256

    EMPLOYEE
    Posted May 31, 2018 09:28 AM

    It depends on the client, but many clients will simply refuse to connect when the server's certificate changes regardless.  Did you test it with any of your clients?



  • 5.  RE: SHA256

    Posted May 31, 2018 09:33 AM

    Yesterday, I swapped to SHA256 on radius server and when I disconnected wifi on iphone and reconnected it failed. The only way Aruba could get it to work was swapping back to SHA1 cert. I even forgot the wireless network and still nothing.



  • 6.  RE: SHA256

    EMPLOYEE
    Posted Jun 02, 2018 03:55 AM

    You should have left the SHA-1 root and created a new SHA-256 intermediate.



  • 7.  RE: SHA256

    Posted Jun 04, 2018 09:40 AM
    We did but when I go to change the cert on radius to the new SHA256 authentication stops.

    David A. Mattox
    Manager of Systems Operations
    Millsaps College
    Direct (601) 974-1149
    @MillsapsITS


  • 8.  RE: SHA256

    EMPLOYEE
    Posted Jun 04, 2018 10:03 AM
    Make sure the server certificate is chained with the new intermediate.


  • 9.  RE: SHA256

    Posted Jun 05, 2018 04:58 PM
    Ok, something has happened and now I am having network issues. Open TAC and they looked and said issue is NPS server is rejecting EAP authentication due to cert. They could not help. I followed the steps to do a new NPS cert using the SHA256 and used it on EAP and nothing. Swapped back to old SHA1 cert and nothing. Laptop keeps failing with EAP explicit error. So I need your guidance or a support call to Microsoft.

    David A. Mattox
    Manager of Systems Operations
    Millsaps College
    Direct (601) 974-1149
    @MillsapsITS
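
The check suggested in reply 8 (that the server certificate chains through the new intermediate), written as a PowerShell script for the NPS server. This is an added example and not part of the thread; it assumes the certificate is in the local computer's Personal store, and `$Thumbprint` is a placeholder for the certificate selected in the NPS EAP settings.

```powershell
# Added example (not from the thread). Run in an elevated session on the NPS server.
param(
    # Placeholder: thumbprint of the certificate selected in the NPS PEAP/EAP settings.
    [Parameter(Mandatory = $true)] [string] $Thumbprint
)

# Thumbprints copied from the certificate dialog often carry spaces or hidden characters.
$thumb = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
$cert  = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $thumb }
if (-not $cert) { throw "No certificate $thumb in Cert:\LocalMachine\My" }

# The server needs the private key and the Server Authentication EKU to do EAP-TLS/PEAP.
if (-not $cert.HasPrivateKey) { Write-Warning 'No private key for this certificate.' }
$eku = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
$ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
if ($eku -and ($ekuOids -notcontains '1.3.6.1.5.5.7.3.1')) {
    Write-Warning 'Server Authentication EKU (1.3.6.1.5.5.7.3.1) is missing.'
}

# Build the chain in the machine context, which is what a service sees.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # examine chaining only, not CRL reachability
$built = $chain.Build($cert)

# One entry per link, leaf first and root last.
$chain.ChainElements | ForEach-Object {
    [pscustomobject]@{
        Subject   = $_.Certificate.Subject
        Issuer    = $_.Certificate.Issuer
        Signature = $_.Certificate.SignatureAlgorithm.FriendlyName
        NotAfter  = $_.Certificate.NotAfter
        Status    = ($_.ChainElementStatus | ForEach-Object { $_.Status }) -join ','
    }
} | Format-List

if (-not $built) {
    $chain.ChainStatus | ForEach-Object {
        Write-Warning "$($_.Status): $($_.StatusInformation.Trim())"
    }
}
```

In the output, the leaf's Issuer should match the new intermediate's Subject, and the Signature field shows which hash each link was signed with (for example `sha256RSA`). This is the server's view only; it does not show whether the clients trust the root the chain ends at.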