Our old 1024 bit cert is expiring - but we've gotten on 6.1.3.2 code so I can use my new 2048 bit cert - all looked good - but I've got a population of devices running windows 7 - they appear to have default configs - but do not prompt the user to trust the new cert.
I've been using our new 2048 bit cert on our radius servers for eduroam for the past year - attempting to join and setup wireless profile on these devices for eduroam - fails - don't get prompted to trust the cert...
My similarly configured win7 device - has no issue - so I'm starting to suspect that for some reason the failing devices are having issues accepting a 2048 bit cert?
Is there an easy way to confirm this from the controller.
using aaa tracebuf - I can see the eap termination is failing... ie not progressing to actual radius calls...
Sep 14 12:37:39 station-up * 60:67:20:02:13:da 00:24:6c:80:2c:3a - - wpa2 aes
Sep 14 12:37:39 station-term-start * 60:67:20:02:13:da 00:24:6c:80:2c:3a 48 -
Sep 14 12:37:39 eap-term-start -> 60:67:20:02:13:da 00:24:6c:80:2c:3a/1x-ap - -
Sep 14 12:37:39 station-term-start * 60:67:20:02:13:da 00:24:6c:80:2c:3a 48 -
Sep 14 12:39:10 station-term-end * 60:67:20:02:13:da 00:24:6c:80:2c:3a/1x-ap 3 - failure
Sep 14 12:39:10 eap-failure <- 60:67:20:02:13:da 00:24:6c:80:2c:3a/1x-ap - 4
Sep 14 12:39:10 station-down * 60:67:20:02:13:da 00:24:6c:80:2c:3a - -
Is there some other debug option to get more details on the specific failure -
or other people have run into devices that have trouble accapting 2048 bit certs?