Appendix A: Wireless Certificates
Updated: January 17, 2011
Applies To: Windows Server 2003 with SP1
Windows XP introduced native support for 802.1x and wireless networks. To enable strong security, both users and computers need certificates to authenticate to a RADIUS (IAS server) authorization point. Windows 2000 certification authorities meet the 802.1x certificate requirements: computers can use the version 1 Machine certificate template, and users can use any certificate template that contains the Client Authentication EKU. If version 2 templates are used for computer auto-enrollment, it is important to configure the certificate template properly. When the Machine template is cloned to a version 2 template, the administrator MUST ensure that the DNS name is included in the subject name (CN) of the certificate. The Windows XP wireless client requires the computer's DNS name in the subject in order to authenticate to the IAS server (RADIUS).
If the DNS fully qualified domain name is longer than 64 characters, the name will be truncated during certificate enrollment and the name will be invalid for wireless authentication.
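One way to audit enrolled computer certificates against the requirements above: the computer's DNS name in the subject CN, and a name no longer than 64 characters. This PowerShell is an added example, not part of the original page or of any Microsoft tool; the function name `Test-WirelessComputerCert`, the use of the `Cert:\LocalMachine\My` store, and reporting the Client Authentication EKU (which the page names for user certificates) on computer certificates are assumptions.

```powershell
# Added example. Test-WirelessComputerCert is a hypothetical helper name.
function Test-WirelessComputerCert {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate,
        [Parameter(Mandatory = $true)]
        [string]$DnsName
    )
    $clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
    $maxNameLength = 64                    # limit stated in the note above

    # Extract the CN from the subject; empty when the subject has no CN.
    $cn = ''
    if ($Certificate.Subject -match '(?:^|,\s*)CN=([^,]+)') { $cn = $Matches[1].Trim() }

    # Collect EKU OIDs; a certificate without the extension yields an empty list.
    $ekuOids = @()
    foreach ($ext in $Certificate.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $ext.EnhancedKeyUsages) { $ekuOids += $oid.Value }
        }
    }

    [pscustomobject]@{
        Thumbprint       = $Certificate.Thumbprint
        SubjectCN        = $cn
        CnMatchesDnsName = ($cn -ieq $DnsName)                   # required by the wireless client
        DnsNameTooLong   = ($DnsName.Length -gt $maxNameLength)  # would be truncated at enrollment
        HasClientAuthEku = ($ekuOids -contains $clientAuthOid)
    }
}

# Build the local FQDN without a network lookup.
$ip   = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
$fqdn = if ($ip.DomainName) { "$($ip.HostName).$($ip.DomainName)" } else { $ip.HostName }

# Assumption: computer certificates are in the local machine's Personal store.
Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-WirelessComputerCert -Certificate $_ -DnsName $fqdn } |
    Format-Table -AutoSize
```

A certificate that shows `CnMatchesDnsName = False` on a host where `DnsNameTooLong = True` is the truncation case described in the note; one that shows `False` with a short name points at a cloned template that does not put the DNS name in the subject.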
For more information, see the white paper Securing Wireless LANs with Certificate Services (http://go.microsoft.com/fwlink/?LinkId=14843).