802.1x - Computer authentication with multiple certs

Question

802.1x - Computer authentication with multiple certs

Anonymous

My Windows 7 computer has two computer certificates on it set for client authentication. They were issued by different CA's within our environment (it's a unique PKI environment).

In my certificate store I have two computer certs with the same name, but signed by CA-1 and CA-2.

We are also using dot1x. The Radius server trusts CA-2, but not CA-1.

When I go in to the 802.1x settings for my adapter I set it to use 'Computer Authentication', but it does not allow me to select which certificate to use.

The problem is that when I go to authenticate, Windows 7 is automatically trying to use the cert signed by CA-1. I do not know which mechanism Windows uses to make the decision on which certificate to use. The only thing I can guess is that the cert signed by CA-1 is the first in the list because CA-1 is before CA-2 alphabetically.

Is there a way to select which cert is used for 802.1x authentication, or change the process Windows uses?

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.

0 comments

3 answers

Answer 1

Anonymous

Hi,

Do let us know if you need any help with other Windows related issues in future.

We will be glad to assist you.

0 comments

Answer 2

Anonymous

Thank you. I posted this question in TechNet.

0 comments

Answer 3

Hi,

Thank you for posting your query in Microsoft Community Forum.

As per the description of the issue, I would recommend posting your query in the TechNet Forums. TechNet is looked at by other IT professionals who would more than likely be able to assist you.

TechNet Forum

http://social.technet.microsoft.com/Forums/windows/en-US/home?category=w7itpro

Hope this information is helpful.

Share via

802.1x - Computer authentication with multiple certs

3 answers