Specifications
Creating the Windows Security Infrastructure
Summit WM Series WLAN Switch and Altitude Access Point Software Version 4.1 Technical Reference Guide
● Computer certificates must contain the FQDN of the wireless client computer account in the Subject
Alternative Name property.
● User certificates must be installed in the Current User certificate store.
● User certificates must contain the universal principal name (UPN) of the user account in the Subject
Alternative Name property.
Additionally, the root CA certificates of the CAs that issued the IAS server computer certificates must be
installed in the Certificates (Local Computer)\Trusted Root Certification Authorities\Certificates or
Certificates (Current User)\Trusted Root Certification Authorities\Certificates folder.
Configuring Proxy Server Settings
Certificates issued from third-party CAs, such as VeriSign, Inc., can contain a certificate revocation list
(CRL) uniform resource locator (URL) that points to an Internet Web site. If the IAS server cannot reach
the Internet Web site to perform certificate revocation checking, it cannot validate the certificates of
wireless clients for EAP-TLS authentication.
Many enterprise networks use a proxy server, such as Microsoft Internet Security and Acceleration
Server (ISA), to access Internet services. Configuration of proxy server settings is normally done
through Dynamic Host Configuration Protocol (DHCP) options. However, many IAS servers have a
static IP address configuration and therefore might not be properly configured with the appropriate
proxy server settings to access the Internet. The result is that IAS servers cannot perform certificate
revocation checking for their own local computer certificates or for wireless client certificates, and
authentication can fail for all wireless connections.
To configure an IAS server with the appropriate proxy server settings so that it can access Internet
services, do the following:
1 On the IAS server, log in using an account that has local administrator permissions.
2 Open a command prompt.
3 At the command prompt, type time and press ENTER.
4 At the Enter the new time: prompt, press ENTER.
5 At the command prompt, type at [time+1 minute] /interactive "cmd.exe" and press ENTER. For
example, if the current time from step 4 is 13:31, the command is at 13:32 /interactive "cmd.exe".
6 After a minute, a new command prompt opens. Commands run from this command prompt execute
in the local system security context. IAS also runs in the local system security context. Therefore, you
must configure proxy server settings from the local system security context so that they apply to IAS.
Otherwise, the proxy server settings only apply to the user account that was used to log in to the IAS
server in step 1.
7 From inside the new command prompt, type "%programfiles%\Internet Explorer\Iexplore.exe"
(including the quotes) and press ENTER. This opens Internet Explorer in the local system security
context.
8 Click Tools, and then click Internet Options.
9 Click the Connections tab, and then click LAN Settings.
10 In Proxy server, select Use a proxy server for your LAN.
11 Type the name or IP address of your proxy server in Address, then type the Web port number
(typically 80) in Port. Example: if the name of your proxy server is CorpProxy and you use port 80
for your Web traffic, you would type corpproxy in Address and 80 in Port.
12 Click OK to save the proxy server settings.
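To confirm that revocation checking now works from the context IAS runs in, the following added example (not part of the guide) builds a certificate chain with online revocation checking for each computer certificate and reports any whose revocation status could not be determined. It assumes Windows PowerShell is installed on the IAS server; the function name, store path and timeout value are illustrative.

```powershell
# Added example, not from the guide. Start powershell.exe from the local system
# command prompt opened in step 6 so the result reflects the proxy settings
# that IAS itself uses.
# Assumptions: Windows PowerShell is installed; store path and timeout are illustrative.
$StorePath      = 'Cert:\LocalMachine\My'   # computer certificates, including the IAS server's own
$TimeoutSeconds = 15                        # how long to wait for each CRL download

function Test-RevocationCheck {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [int]$TimeoutSeconds = 15
    )
    # CRL distribution point extension (OID 2.5.29.31); URLs are pulled from its formatted text.
    $cdp  = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
    $urls = @()
    if ($cdp) {
        $urls = [regex]::Matches($cdp.Format($true), 'URL=(\S+)') |
                ForEach-Object { $_.Groups[1].Value }
    }

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode      = 'Online'       # allow CRL download from the network
    $chain.ChainPolicy.RevocationFlag      = 'ExcludeRoot'  # check every certificate below the root
    $chain.ChainPolicy.UrlRetrievalTimeout = New-TimeSpan -Seconds $TimeoutSeconds
    $valid = $chain.Build($Cert)

    # These two flags mean the revocation status could not be determined,
    # which is the symptom of an unreachable CRL URL.
    $unreachable = $chain.ChainStatus |
        Where-Object { $_.Status.ToString() -match 'RevocationStatusUnknown|OfflineRevocation' }

    New-Object PSObject -Property @{
        Subject           = $Cert.Subject
        Thumbprint        = $Cert.Thumbprint
        CrlUrls           = $urls -join '; '
        ChainValid        = $valid
        RevocationChecked = -not $unreachable
        Status            = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

Get-ChildItem $StorePath |
    ForEach-Object { Test-RevocationCheck -Cert $_ -TimeoutSeconds $TimeoutSeconds } |
    Format-List Subject, Thumbprint, CrlUrls, ChainValid, RevocationChecked, Status
```

A CRL that is already cached on the server can satisfy the check, so compare the result against a run from the administrator's own prompt: a certificate that shows RevocationChecked as True there but False from the local system prompt points to missing proxy settings in the local system context.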