This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Extreme NAC, Strong Certificate Mapping Enforcement Microsoft

Extreme NAC, Strong Certificate Mapping Enforcement Microsoft

gbrown
New Contributor

2 weeks ago

With the recent change Microsoft has made regarding Strong Certificate Mapping, I am wondering if there are any potential issues anyone has had with their Extreme NACs/Site Engine (on prem). We have not yet installed the update from Microsoft to enforce this but will do so soon. I also need to update the certs on the NACs anyways and just wanted to check if anything special needed to be done to comply with this update.

All feedback is appreciated.

0 Kudos
2 REPLIES 2

Ryan_Yacobucci
Extreme Employee

2 weeks ago

We have seen Control with proxy RADIUS using EAP-TLS to NPS affected by this issue, as Control is only acting as a proxy and the NPS server is enforcing certificate security requirements. 

Thanks
-Ryan

Robert_Haynes
Extreme Employee

2 weeks ago

My quick answer is I simply do not know.

I referred to https://support.microsoft.com/en-us/topic/kb5014754-certificate-based-authentication-changes-on-wind... for information on this and my take is none of those enforcement modifications will impact Control.

For EAP-TLS Control verifies certificate authenticity based on matching AAA Trusted Certificates (i.e. did the root/inter sign the client cert, etc). For NTLM looking for machine auth as long as Control is able to continue doing lookups via LDAP / RPC I don't see the makeup of the certificate impacting design.

... could be completely wrong tho.

0 Kudos
GTM-P2G8KFN