I've scoured the web and Usenet to find a solution and have tried
everything that has been suggested to no avail. I generate my own
certificates 1024 bit server authentication certificates using MS RSA
SChannel Cryptographic provider. I've taken that certificate and
placed it in my local machine/personal folder. I made sure my CA is a
trusted authority. Yet despite all this I keep getting the "A
certificate could not be found that can be used with this Extensible
Authentication Protocol" error. Any help would be greatly
appreciated.
Try the following:

Make sure that the correct key option parameters are configured in the server authentication
certificate. To do this, follow these steps:

1. Start Microsoft Internet Explorer.
2. On the Address bar, type "http://<Local Host>/CertSrv" (without the quotation marks). Click "Go".
3. On the Welcome page, click "Request a certificate" under "Select a task".
4. On the Request a Certificate page, click "Advanced certificate request".
5. On the Advanced Certificate Request page, click "Create and submit a request to this CA".
6. Make sure that the correct parameters are configured under "Key Options". To do this,
   follow these steps:
   a. Click "Create New key set".
   b. In the "CSP" box, click "Microsoft RSA SChannel Cryptographic Provider".
   c. In the "Key Size" box, type "1024" (without the quotation marks).
   d. Click "Automatic key container name".
   e. Click to select the "Store Certificate in the local computer certificate store" check box.
   f. Click "Submit".

HTH,
Gary
--------------------
'--'From: "Taylor Sbicca" <tay...@allstardirectories.com>
'--'Newsgroups: microsoft.public.win2000.networking
'--'Subject: PEAP-MS-CHAP v2 Certificate Problem
'--'Date: 29 Dec 2004 17:01:17 -0800
'--'
'--'I've been having a major problem in creating a certificate that is
'--'compatible with PEAP-MS-CHAP V2 for Radius authentication. I'm
'--'running a Stand Alone CA on a w2k server that is on a network without a
'--'domain controller. I've been getting the infamous "A certificate
'--'could not be found that can be used with this Extensible Authentication
'--'Protocol" error while trying to configure my Remote Access policies
'--'to use PEAP.
'--'
'--'I've scoured the web and Usenet to find a solution and have tried
'--'everything that has been suggested to no avail. I generate my own
'--'certificates 1024 bit server authentication certificates using MS RSA
'--'SChannel Cryptographic provider. I've taken that certificate and
'--'placed it in my local machine/personal folder. I made sure my CA is a
'--'trusted authority. Yet despite all this I keep getting the "A
'--'certificate could not be found that can be used with this Extensible
'--'Authentication Protocol" error. Any help would be greatly
'--'appreciated.
'--'
'--'
This posting is provided "AS IS" with no warranties, and confers no rights. Use of included
script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm
Note: For the benefit of the community-at-large, all responses to this message are best
directed to the newsgroup/thread from which they originated.
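
A way to check the result of the steps above, as an added example that is not part of the original posts: this PowerShell script lists every certificate in the local computer's Personal store with the properties a server certificate for PEAP has to satisfy (private key present, Server Authentication EKU, within its validity period, chain to a trusted root), plus the CSP name. It assumes a Windows release that ships PowerShell 3.0 or later, which is newer than the Windows 2000 server in this thread; the output column names are the example's own.

```powershell
# Added example: audit Cert:\LocalMachine\My for certificates a PEAP server could present.
# Run from an elevated prompt on the RADIUS server.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
$now = Get-Date

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Collect the EKU OIDs; the list stays empty if the extension is absent.
    $ekuOids = @($cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })

    # The CSP name is only exposed for CryptoAPI keys; other key types leave it blank.
    $provider = ''
    if ($cert.HasPrivateKey) {
        try { $provider = $cert.PrivateKey.CspKeyContainerInfo.ProviderName }
        catch { $provider = '(unavailable)' }
    }

    # Build the chain to a trusted root, skipping revocation lookups so the check works offline.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $chainOk = $chain.Build($cert)

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey
        ServerAuthEku = ($ekuOids -contains $serverAuthOid)
        InValidity    = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        ChainTrusted  = $chainOk
        Provider      = $provider
    }
} | Format-Table -AutoSize
```

A row with `HasPrivateKey` set to `False` is a certificate whose public part is in the store without its key, so it cannot be used as a TLS server credential no matter how the other columns read.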
All the certificates that I have been using in the past were configured
like you suggested. Nonetheless I tried it again but was
unsuccessful. From everything I've read on Usenet and the web it seems
that I have the certificates configured correctly. Perhaps the problem
lies in how I'm moving my issued certificates into the local machine's
personal certificate store. I'll explain how I've been doing it and
maybe you can tell me if I'm going about this all wrong.

After I request a certificate using the web interface I go to the
certificate authority in the console. I issue the certificate and then
double click on the issued certificate. I then click on the details
tab, and the copy to file button. I have the option to save the
certificate as a DER encoded binary (.CER), a Base 64 encoded binary
(.CER), or a .P7B. The option to save the certificate as a PFX is
grayed out so I can't choose it. I then save the certificate to my
certificate folder. Next in the console I go to the personal folder in my
local certificate store and import the certificate which I just
exported.

Is this the correct method for getting the certificates I've created
into the personal folder? I've tried using the web interface to do it
but when I check my pending requests from the server it says I have no
requests pending. (The strangest part is that when I request a
certificate from another machine it will show me pending requests and I
can install the certificate through the web interface.) Any thoughts
you have that might help would be greatly appreciated.
"Taylor Sbicca" <tay...@allstardirectories.com> wrote in message
news:1104788499.2...@z14g2000cwz.googlegroups.com...