i still try to configure VPN and SecurID for Windows 10.
I found this article.
Install RSA Authentication Manager, and configure it to accept and process TTL-PAP authentication requests.
Configure the VPN server (Microsoft RRAS or a third-party server) to redirect all authentication requests to RSA Authentication Manager.
i done the second requirement. How can i configure the first requirement ?
- Auth Manager
- Authentication Manager
- Community Thread
- Forum Thread
- RSA Authentication Manager
- RSA SecurID
- RSA SecurID Access
looks like i need to enable EAP-TTLS, that described "RSA Authentication Manager 8.2 Administrator's Guide.pdf" page 213.
now, i try to issue certificate from corporate PKI.
How i can generate request in AM ?
As AM is Linux, i did
openssl req -nodes -newkey rsa:2048 -keyout key.pem -out req.csr
Make sure you have a keystore (.pfx) file that contains the new server certificate and the associated private key. This file should be in PKCS #12 file format and contain the replacement certificate and private key only. If the key-store contains
more than one certificate, the wrong certificate may be used as the replacement server certificate.
As long as we are going to use .pfx, then there is no need to generate the private key from the server. Please refer to https://community.rsa.com/docs/DOC-45070?sr=search&searchId=78b0fb6f-0a2d-4eb0-b417-c9235e5a1742&sea... as it will help you if there is any other queries you have.
So kindly check and advise us back if there is any assistance needed from our side.
i created .cer file on my Windows server with common name rsa1.domain.domain.com
then i exported it to PFX file.
and then i imported it to RSA Radius EAP Certificates (Trusted Root Certificates imported as well)
but during the connection I still get an error:
09/02/2016 14:31:19 Server Certificate SHA1 Fingerprint: CF:2B:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:0C:DD
09/02/2016 14:31:19 DCF system started
09/02/2016 14:31:19 RSA RADIUS -- Powered by Steel-Belted Radius is operational.
09/02/2016 14:34:30 Request contained EAP Identity Response, but Identity did not match User-Name
09/02/2016 14:34:30 Request has invalid syntax (e.g. invalid, missing or duplicate attributes), Rejecting
09/02/2016 14:34:30 Sent reject response
maybe i have to configure some Radius Profile?
so, OS X supports EAP. right now i had configured VPN on OS X with machine certificate.
I can't configure users certificate, because OS X has a huuuuuuge problem...