How does a 802.1x client check revocation status of radius client?
Setting up a port authentication solution based on 802.1x with a MS PKI 08 with both OCSP and CRL for support of both W7 and XP.
Was wondering how a connecting clients check revocation status if the OCSP and CRLs only are available from the inside.
They have to verify the radius client's (AP) certificate.
Anyone knows?
October 20th, 2010 4:37am
this depends on client settings. If revocation check is forced authentication will fail. If not forced authentication may be successful even if revocation is offline.http://en-us.sysadmins.lv
Free Windows Admin Tool Kit Click here and download it now
October 20th, 2010 4:51am