- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We are rebuilding our internal Active Directory Certificate Services PKI- including a brand new offline Root Certificate Authority. This chains to an online Enterprise CA (policy), that chains to the CA issuing the client certificates.
I cannot add the new RootCA to the 802.1x profile of either the existing tenant, or a new tenant.
I attached a screen shot of the issue (capture.png)- I can see it in the drop down menu, but when I try selecting it, it changes to "Select" like it didn't recognize that I clicked on it. (capture2.png) I can select the previously used one, but not the new one. Both CA's are using the same template, cyphers, etc, and both chain to an offline Root.
What are the correct steps to make this switch to the new CA?
Link Copied
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello, Ryan709,
It is necessary to use an online secondary Cert Authority for 802.1X. Offline certificates are not supported.
Regards,
Miguel C.
Intel Customer Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
By secondary, do you mean a subordinate? Or do you mean an entirely separate pki?
Note- both the old and the new certificate constructs are the same. Where the Offline Root CA issues the online Enterprise CA, which than issues subordinate CA certificates to our issuing CAs. In the screen shots- the previous one utilizing the same configuration is selected and in use.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello, Ryan,
I am sending you a private email. Please send me a copy of the old certificate that you are using.
Regards,
Miguel C.
Intel Customer Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello, Ryan709,
I sent you an email with some troubleshooting steps. I would appreciate your outcome.
Regards,
Miguel C.
Intel Customer Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello, Ryan,
If further assistance is necessary, please provide a new set of the EMA server logs after doing the changes below:
- Create a new AMT profile from the Endpoint group tab.
- Add a new name to the AMT 802.1x profile.
- Try to point to the Microsoft's CA.
- Then, restart the EMA services in the server machine.
Regards,
Miguel C.
Intel Customer Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello, Ryan709,
I hope this post finds you well.
By any chance, have you been able to gather the pictures from the 802.1x configuration tab of the Intel® AMT profile?
Regards,
Miguel C.
Intel Customer Support Technician
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello, Ryan709,
I haven’t received any updates from you. I am sending the following documentation:
3.3.2 Creating a New 802.1x Profile
It provides the requirements for 802.1x.
If further assistance is necessary do not hesitate to reply.
Regards,
Miguel C.
Intel Customer Support Technician
 
					
				
				
			
		
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page