ISE AuthZ for Wireless Phones MIC EAP-TLS

Hi all,
Trying to authorise 7925G phones using MIC and EAP-TLS. My problem is that I can't seem to get the username in the MIC to match against an Internal Identity group on ISE AuthZ policies. If I remove the endpoint ID group I am able to auth no worries. Everything looks great including the username been in a specific User ID group but I just cannot get it to match a policy with this group selected (both as the ID Group and as an "Internal User:Identity Group" condition).
Any ideas or is this just not possible?

Out of curiousity why would you suggest MAB in this instance? These devices have MIC certs and are pretty much EAP-TLS ready out of the box? My problem simply lies with the apparent inability of ISE to match the Subject CN againt an internal group.

Similar Messages

  • Windows Client cannot connect to wireless LAN through EAP-TLS

    I have a Cisco Aironet Access point which cannot be authenticated by a remote RADIUS server to connect to wireless lan through EAP-TLS. These is the debug output from the AAA process.
    *Mar  7 10:56:56.337: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
    *Mar  7 10:56:56.369: dot11_auth_parse_client_pak: Received EAPOL packet from 08
    11.9650.8cb0
    *Mar  7 10:56:56.385: dot11_auth_parse_client_pak: Received EAPOL packet from 08
    11.9650.8cb0
    *Mar  7 10:56:56.385: dot11_auth_parse_client_pak: id is not matching req-id:1re
    sp-id:2, waiting for response
    *Mar  7 10:56:56.401: dot11_auth_parse_client_pak: Received EAPOL packet from 08
    11.9650.8cb0
    *Mar  7 10:56:56.717: dot11_auth_dot1x_parse_aaa_resp: Received server response:
    GET_CHALLENGE_RESPONSE
    *Mar  7 10:56:56.717: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r
    esponse
    *Mar  7 10:56:56.785: dot11_auth_parse_client_pak: Received EAPOL packet from 08
    11.9650.8cb0
    *Mar  7 10:56:57.097: dot11_auth_dot1x_parse_aaa_resp: Received server response:
    GET_CHALLENGE_RESPONSE
    *Mar  7 10:56:57.097: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r
    esponse
    *Mar  7 10:56:57.101: dot11_auth_parse_client_pak: Received EAPOL packet from 08
    11.9650.8cb0
    *Mar  7 10:56:57.393: dot11_auth_dot1x_parse_aaa_resp: Received server response:
    GET_CHALLENGE_RESPONSE
    *Mar  7 10:56:57.393: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r
    esponse
    *Mar  7 10:56:57.397: dot11_auth_parse_client_pak: Received EAPOL packet from 08
    11.9650.8cb0
    *Mar  7 10:56:57.673: dot11_auth_dot1x_parse_aaa_resp: Received server response:
    GET_CHALLENGE_RESPONSE
    *Mar  7 10:56:57.673: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r
    esponse
    *Mar  7 10:56:57.677: dot11_auth_parse_client_pak: Received EAPOL packet from 08
    11.9650.8cb0
    *Mar  7 10:56:57.953: dot11_auth_dot1x_parse_aaa_resp: Received server response:
    GET_CHALLENGE_RESPONSE
    *Mar  7 10:56:57.953: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r
    esponse
    *Mar  7 10:56:57.957: dot11_auth_parse_client_pak: Received EAPOL packet from 08
    11.9650.8cb0
    *Mar  7 10:56:58.317: dot11_auth_dot1x_parse_aaa_resp: Received server response:
    GET_CHALLENGE_RESPONSE
    *Mar  7 10:56:58.317: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r
    esponse
    *Mar  7 10:56:58.321: dot11_auth_parse_client_pak: Received EAPOL packet from 08
    11.9650.8cb0
    *Mar  7 10:56:58.685: dot11_auth_dot1x_parse_aaa_resp: Received server response:
    GET_CHALLENGE_RESPONSE
    *Mar  7 10:56:58.685: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r
    esponse
    *Mar  7 10:56:58.685: dot11_auth_parse_client_pak: Received EAPOL packet from 08
    11.9650.8cb0
    *Mar  7 10:56:58.993: dot11_auth_dot1x_parse_aaa_resp: Received server response:
    GET_CHALLENGE_RESPONSE
    *Mar  7 10:56:58.993: dot11_auth_dot1x_parse_aaa_resp: found eap pak in server r
    esponse
    *Mar  7 10:56:59.041: dot11_auth_parse_client_pak: Received EAPOL packet from 08
    11.9650.8cb0
    *Mar  7 10:57:01.077: Client 0811.9650.8cb0 failed: reached maximum retries
    *Mar  7 10:57:08.997: %RADIUS-4-RADIUS_DEAD: RADIUS server 165.72.12.12:1812,181
    3 is not responding.
    *Mar  7 10:57:08.997: %RADIUS-4-RADIUS_ALIVE: RADIUS server 165.72.12.12:1812,18
    13 is being marked alive.
    *Mar  7 10:57:14.481: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
    *Mar  7 10:57:14.521: dot11_auth_parse_client_pak: Received EAPOL packet from 08
    11.9650.8cb0
    *Mar  7 10:57:44.521: %DOT11-7-AUTH_FAILED: Station 0811.9650.8cb0 Authenticatio
    n failed
    *Mar  7 10:57:44.801: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
    *Mar  7 10:57:44.829: dot11_auth_parse_client_pak: Received EAPOL packet from 08
    11.9650.8cb0
    *Mar  7 10:58:14.829: %DOT11-7-AUTH_FAILED: Station 0811.9650.8cb0 Authenticatio
    n failed
    *Mar  7 10:58:15.105: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
    *Mar  7 10:58:15.141: dot11_auth_parse_client_pak: Received EAPOL packet from 08
    11.9650.8cb0
    *Mar  7 10:58:45.141: %DOT11-7-AUTH_FAILED: Station 0811.9650.8cb0 Authenticatio
    n failed
    *Mar  7 10:58:45.425: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
    *Mar  7 10:58:45.449: dot11_auth_parse_client_pak: Received EAPOL packet from 08
    11.9650.8cb0
    *Mar  7 10:59:15.449: %DOT11-7-AUTH_FAILED: Station 0811.9650.8cb0 Authenticatio
    n failed
    *Mar  7 10:59:15.729: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
    *Mar  7 10:59:15.753: dot11_auth_parse_client_pak: Received EAPOL packet from 08
    11.9650.8cb0
    *Mar  7 10:59:45.753: %DOT11-7-AUTH_FAILED: Station 0811.9650.8cb0 Authenticatio
    n failed
    *Mar  7 10:59:46.009: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
    *Mar  7 10:59:46.037: dot11_auth_parse_client_pak: Received EAPOL packet from 08
    11.9650.8cb0
    *Mar  7 10:59:50.077: Client 0811.9650.8cb0 failed: reached maximum retries
    *Mar  7 10:59:50.349: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
    *Mar  7 10:59:50.373: dot11_auth_parse_client_pak: Received EAPOL packet from 08
    11.9650.8cb0
    *Mar  7 10:59:55.077: Client 0811.9650.8cb0 failed: reached maximum retries
    *Mar  7 10:59:55.341: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
    *Mar  7 10:59:55.361: dot11_auth_parse_client_pak: Received EAPOL packet from 08
    11.9650.8cb0
    *Mar  7 11:00:00.077: Client 0811.9650.8cb0 failed: reached maximum retries
    *Mar  7 11:00:00.333: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
    *Mar  7 11:00:00.357: dot11_auth_parse_client_pak: Received EAPOL packet from 08
    11.9650.8cb0
    *Mar  7 11:00:05.077: Client 0811.9650.8cb0 failed: reached maximum retries
    *Mar  7 11:00:05.341: dot11_auth_dot1x_start: in the dot11_auth_dot1x_start
    *Mar  7 11:00:05.365: dot11_auth_parse_client_pak: Received EAPOL packet from 08
    11.9650.8cb0
    *Mar  7 11:00:10.077: Client 0811.9650.8cb0 failed: reached maximum retries

    Kindly get verified the configuration and the compatibility if there is a mismatch. Please find the link below for more information on EAP-TLS functions in Access points and clients.
    http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_white_paper09186a008009256b.shtml#wp39110

  • Authenticating cisco phones via EAP-TLS by LSC with Radiator

    Hi everyone,
    On a post from 4 years ago (https://supportforums.cisco.com/discussion/10952961/8021x-phone-authentication-eap-tls-mic-only) I read that someone managed to work authenticate phones via EAP-TLS without ACS, but rather using a Radiator server. They authenticated by MIC on each phone. I was wondering if anyone knows whether or not it's possible to do so by LSC, and if so how is it different than by MIC?
    Thanks in advance!

    I think the default EAP-TLS session timeout is zero sec. Enter the maximum number of seconds you want the client to remain connected to the network access device before having to reauthenticate in the Session TImeout field. If you enter a number greater than 0, the lesser of this value and the remaining resumption limit is sent in a Session-Limit attribute to the RADIUS client on the RADIUS Access-Accept response.
    If you enter 0, a Session-Limit attribute is not generated directly. A 0 does not prevent the authentication methods that perform secondary authorization from providing a value.
    Entering a value such as 600 (10 minutes) does not necessarily cause a full reauthentication to occur every 10 minutes. You can configure the resumption limit to make most reauthentications fast and computationally efficient.

  • Different wireless clients, should go for LEAP, PEAP or EAP-TLS?

    Hi ,
    I have a mixture of wireless clients in this customer environment such as PDA, Cisco clients and third party PCMCIA cards.
    Customer requires me to propose an EAP authentication method to authenticate them. WHat suits them?
    I plan to have authentication done on application level. Could you recommend any?
    Thanks.
    Delon

    Delon
    It will more be a matter of what all the clients support, you normally set it up for the least supported client or have different VLANs with different security levels based on what you clients support
    LEAP is only on Cisco or CCX certified cards
    If you base OS is Windows XP and the client cards they have support EAP then EAP-TLS is a pretty good choice if they will support PEAP then that is even better again.
    So to make this choice you really need to know exactly what client cards you have and what they support The AP will support all of them so the choice is based on the clients

  • Connecting iPads to an Enterprise Wireless 802.1x (EAP-TLS) Network Using Windows Server 2003 IAS

    Hi there,
    I am asked to deploy iPads on an 802.1x EAP-TLS WiFi network. The customer has a Windows Server 2003 IAS server providing RADIUS. There also is a Windows based CA infrastructure in place. This solution is in production and is already being used by other wireless devices. Could someone please highlight the configuration steps for the iPad deployment? The customer whishes to automate the initial deployment and the renewal of the certificates. I have a basic understanding of 802.1x, RADIUS, Certificates etc. in a Windows infrastructure but I am new to enterprise deployment of iPads. There is no MDM tool in place by the way...
    I did find a Microsoft article which I think describes what needs to be done: http://blogs.technet.com/b/pki/archive/2012/02/27/ndes-and-ipads.aspx. This article basically states the following steps:
    1. Create a placeholder computer account in Active Directory Domain Services (AD DS)
    2. Configure a Service Principal Name (SPN) for the new computer object.
    3. Enroll a computer certificate passing the FQDN of the placeholder computer object as a Subject Name, using Web Enrollment Pages or Certificates MMC snap-in directly from the computer (Skip step 4 if you are using the Certificates MMC snap-in)
    4. Export the certificate created for the non-domain joined machine and install it.
    5. Associate the newly created certificate to the placeholder AD DS domain computer account manually created through Name Mappings
    The article then elaborates on specific steps needed for the iPad because it treats all certificates as user certificates. Can someone confirm this behavior??
    Regards,
    Jeffrey

    Use VPP.  Select an MDM.  Read the google doc below.
    IT Resources -- ios & OS X -- This is a fantastic web page.  I like the education site over the business site.
    View documentation, video tutorials, and web pages to help IT professionals develop and deploy education solutions.
    http://www.apple.com/education/resources/information-technology.html
       business site is:
       http://www.apple.com/lae/ipad/business/resources/
    Excellent guide. See announcment post -- https://discussions.apple.com/thread/4256735?tstart=0
    https://docs.google.com/document/d/1SMBgyzONxcx6_FswgkW9XYLpA4oCt_2y1uw9ceMZ9F4/ edit?pli=1
    good tips for initial deployment:
    https://discussions.apple.com/message/18942350#18942350
    https://discussions.apple.com/thread/3804209?tstart=0

  • ISE Profiling for Wireless Devices (WLC 5508) like Laptops and Mobile Devices

    Hi,
    We have integrated WLC 5508 to cisco ise 3315 with ios 1.1.1 and using Guest Sponsor portal for wireless guest users.
    Where we have created open ssid in wlc and redirect web login portal in wlc for guest  users. We have enable all respective node in policy service for profiling and also configure snmp in wlc as well as in ise.
    When guest user is connected to open ssid its get redirected to web login page of ise portal and when it gets login we are  only able to see the username which guest user login but not the end device in monitoring log.
    Wireless End devices are not able to get profiled can any one tell me what configuration I need to do on ise or wlc side to profiled end guest wireless device like android,iphone and laptops
    Thanks
    Pranav

    Hi Tarikh,
    I only want to identify the end devices for wilress guest user. I have configured MAB Authentication and configure autorization policy where in mention identity group any condition as wlc web authentication and athorization profile only guest mentioning plain access for the same.
    Can you help me how I can achived profiling for wirless guest devices. I have configured all profiling probes . Enable snmp on wlc as well as in network devices.
    What else I need to configured to achived just identiting device nothing but profiling and which should reflect in authnetication logs.
    Thanks
    Pranav

  • ISE Licensing for IP Phones nodes

    Hi Guys,
    I'm currently worknig on an ISE design for a network where they have IP Phones for each end user device:
     Switch <--> IP Phone <--> End User Device.
    My concern is the licensing part; i'm not really interested in authenticating or profiling IP Phone nodes. rather i need only to provide full ISE services for End user devices behind IP Phones (Authenitcation,Authorizatino,Posturing....etc.). so i need to order a base and an advanced license that cover ONLY the number of end user devices without accounting for IP Phone units.
    Considering the above requirements ; what is the best deployment scenario to consider when configuring the switch interface that connect to each IP Phone with Single host port authentication (cdp bypass). would the ip phone consume from license count.
    What if we considered doing MAB for IP Phone nides and Dot1x for End users and considering MDA ? would it consume 2 units from total license number of nodes in this case ?
    What is the best practice for deploying and licensing ISE if i Cisco or a Third Party IP Telephony solution and i don't want to autheticate/authorize/profile ip phones ? 
    Thanks,
    Muayad Jallad,

    If you are using Cisco IP phones you can get away with single-host mode on the port which in effect ignores the phone. If the phone is a third party device you will most likely need to use multi-domain authentication and actually use ISE to allow the phone on the network.
    In summary - CIsco phone means potentially no license, if Avaya or other third party you will need to auth and use a license

  • Cannot use DSL for wireless & phone simultaneously with Airport Express

    Hello, I've just moved and switched to DSL from cable modem.
    SBC DSL
    One phone jack with the supplied filter on it allowing connection to the phone and supplied wired router
    They provided a CD that configured the connection for me. In their ethernet connection it is not PPOE. Just DHCP. When I connect the laptop directly to the router via ethernet, I am able to surf and talk on the phone. When i connect the router to the Airport express and connect wirelessly, I can use either the phone or the internet. When I make a phone call the wireless drops.
    Does anyone have any idea as to why this happens?
    Thanks,
    Neobe

    It's a 2.4 GHz phone
    This is likely your problem.
    2.4GHz phones are notorious for interfering with WiFi networks, as they share the same frequency range.
    This is a very common problem.
    I would suggest switching to a 900Mhz, or a 5.8GHz cordless phone.

  • Wireless Phone 7921G

    hi all,
    We are trying to authenticate cisco 7921G wireless phone through EAP-TLS..
    getting error message in ACS server
    EAP-TLS or PEAP authentication failed during SSL handshake
    but EAP-TLS works fine with same ACS server when user machine is connected.
    please let us know if any particular service need to be enabled in cisco 7921G(other than choosing in profile) to make it work
    thanks in advance

    one more thing observed is, in ACS server, the manufactured CA root certificate loaded in ACS server and checked in edit trust list.
    but in certificate revocation list..that root is displayed as not in use.
    CRL Issuers
    Issuer Friendly Name Status
    Cisco Manufacturing CA Not in use
    while edit to make it used it asking for CRL Distribution URL..where can i get this URL?
    thanks

  • EAP-TLS on ACS v4 for wireless users

    Hi,
    I?m trying to deploy EAP-TLS authentication method on ACS v4.0 for my local wireless users; really I stuck with the certificate issue and need your assistance to understand the required procedures to accomplish the task.
    As mentioned on the ACS configuration guide I have to have CA server to generate certificates for both ACS and wireless users, but I found an option on the ACS under System configuration tab then ACS Certificate Setup a Generate Self-Signed Certificate, I generated a certificate and uploaded a copy to my PC, installed and followed the recommended steps to configure the Microsoft XP client configuration but still I got the error ?Windows was unable to find a certificate to log you on to the network SSID? . Honestly I don?t know if this is possible but I gave it a try but failed.
    Kindly advice what is the appropriate and easiest way to accomplish the task, if you could provide me with helpful documents I?ll appreciate it.
    Regards,
    Belal

    I am currently using EAP-TLS authentication on my wireless users using ACS 3.2. I have had that problem before. This is what I did...
    Setup a Microsoft Certificate server as my
    CA. You can use same machine wih your ACS and CA.
    Then, generate certificate signing request from ACS then request a server certificate from CA then copy and install a certificate to ACS. On the ACS, go to global authentication setup check the EAP-TLS cetificate. If it failed to respond means that the server certificate is not properly setup.
    On the windows xp clients, connect your machine using wired LAN, then request a certificate from CA(the same CA that you have use to your ACS) using IE (ex. http://CAip/certsrv), but this time request a client certificate. The name you should put when requesting the cert must be you local windows user, use 1024, choose microsoft base cryptographic provider 1.0. then installl the certificate on the client. Verify you client certificate it i was installed properly.
    At that poit you should be able to connect you r wireless client using EAP-TLS.

  • Possible to select self-signed certificate for client validation when connecting to VPN with EAP-TLS

    In windows 8.2, I have a VPN connection configured with PPTP as the outer protocol and EAP : "Smart card or other certificate ..." as the inner protocol. Under properties, in the "When connecting" section I've selected "Use a certificate
    on this computer" and un-checked "Use simple certificate selection".
    My preference would be to use separate self-signed certificates for all clients rather than having a common root certificate that signed all of the individual client certificates. I've tried creating the self-signed certificate both with and without the
    client authentication EKU specified, and I've added the certificate to the trusted root certificate authority store on the client. But when I attempt to connect to the VPN I can not get the self signed certificate to appear on the "Choose a certificate"
    drop down.
    Are self signed certificates supported for this use in EAP-TLS? If it makes a difference, I'm working with makecert (not working with a certificate server).
    TIA,
    -Rick

    Hi Rick,
    Thank you for your patience.
    According to your description, would you please let me know what command you were using to make a self-signed certificate by tool makecert? I would like to try to reproduce this issue. Also based on my experience, please let me
    know if the certificate has private key associated and be present in the local machine store. Hence, please move the certificate from the trusted root certificate authority store to personal store.
    Best regards,
    Steven Song
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  • Authentication eap-tls on ACS or local EAP WLC over Lwapp and 7921

    Hi All,
    I install WLC to provide Wlan architecture and the project was extended for VoWLAN. we have 7921 and E51 running over the wide WLAN architecture.
    Computer using Data over wirless are working over PEAP done by ACS and CA signed certificate + user secret on PC is link to the domain account and secret stay the login and password. Our problem is that user and password is link via ACS to Active Directory. The policy of password is to change frequently.
    For the Phone we are actually running authentication over Leap but I'm working to define the best security solution for us.
    I confront PEAP and Eap-TLS for now:
    1) PEAP check the authentication of ACS via certificate trust and authenticate via MS-Chapv2 and the secret password known by user. My problem here is the phone can only be static what is potentially not acceptable
    2) Eap-tls which is the best secured security due to the double side certificate authentication + (login / password) on the phone
    so I need to manage here Certificate Management ? I mean I can use either the MIC CA certificate on the phone or User CA defined one which I can put on ACS or Local EAP WLC and the put the ACS CA trust on the Phone.
    If I understood well I have to put User.cer and ACS_CA.cer on each phone and pout the User_CA on the ACS ?
    I have already Certificate on the ACS signed by CA (like veri-signed) so I must create CSR for any phones to be able to use the same CA ?
    I'm thinking to use also the local Eap certificate of Controller to manage all of that to avoid every potential money to pay to the trust CA of ACS
    can you help me to know if I understood everything good ? I would be please to exchange experience on that
    thanks ;)
    bye

    I am currently using EAP-TLS authentication on my wireless users using ACS 3.2. I have had that problem before. This is what I did...
    Setup a Microsoft Certificate server as my
    CA. You can use same machine wih your ACS and CA.
    Then, generate certificate signing request from ACS then request a server certificate from CA then copy and install a certificate to ACS. On the ACS, go to global authentication setup check the EAP-TLS cetificate. If it failed to respond means that the server certificate is not properly setup.
    On the windows xp clients, connect your machine using wired LAN, then request a certificate from CA(the same CA that you have use to your ACS) using IE (ex. http://CAip/certsrv), but this time request a client certificate. The name you should put when requesting the cert must be you local windows user, use 1024, choose microsoft base cryptographic provider 1.0. then installl the certificate on the client. Verify you client certificate it i was installed properly.
    At that poit you should be able to connect you r wireless client using EAP-TLS.

  • 7925g plus EAP-TLS plus wildcard cert

    Hi folks,
     Has anyone managed to put a wildcard cert on a 7925G (or 9971) to use for client authentication with EAP-TLS?  It seems like one is forced to use the MIC or a cert from a csr generated by the phone... but I'd really rather not keep track of a zillion certs.
    Thanks for any help.

    Hi,
    have you read the infos from the deployment guide (page 72 - install certificates) already
    http://www.cisco.com/en/US/docs/voice_ip_comm/cuipph/7925g/7_0/english/deployment/guide/7925dply.pdf

  • EAP-TLS help needed

    I have a lab setup and I am trying to get EAP-TLS working.  I have ACS 4.2 running on my active directory machine which is also my certificate authority.  I obtained a cert for the ACS and installed it, reset the ACS, then edited the certificate trust list and restarted.
    I added a user to the AD.  I then obtained a cert for my laptop logging into the certsrv as the user and installed it.
    I added the user to the ACS.
    When I try to connect from the wireless laptop using EAP-TLS with the wireless profile EAP TYPE set to Smart Card or Certificate the connection fails.  I have unchecked validate certficate authority with no luck connecting.
    When I check the ACS under the failed attemps it says ACS user unknown.  This is the same user, all I did was change the EAP type on the laptop.
    When I set the EAP type to PEAP I am able to get connected with or without validating the server certificate.
    Any help would be greatly appreciated.
    Seth

    Hello,
    I provided a few links that you may find helpful
    TLS config example
    http://www.cisco.com/en/US/customer/products/ps6366/products_configuration_example09186a00807917a6.shtml
    TLS Video
    http://www.youtube.com/watch?v=sazfGz2D3eo
    I hope this helps. Please rate helpful post ... Thanks

  • How to install EAP-TLS certificate?

    Hi All,
    Our wireless network requires EAP-TLS certificate installation.
    We use a MS 2003 server as a CA server.
    I tried to brows to the issuing website (http://CAserver/certsrv) but when I get to the section where I need to choose the strength of the key, somehow the phone's browser is not showing the options...
    So, I tried to issue a certificate from the issuing station and got a file called certnew.cer .
    From what I read this is the right certificate type, so I copied the file to the phone and tried to open it...
    But it only open it with the Notes application...
    Any help????
    10x in advanced,
    Naor. 

    The certificate needs to be in .der format. You probably have it in .cer (PEM) format right now.
    You can convert it using openssl. Change the filenames appropriately:
    openssl x509 -outform der -in MYCERT.pem -out MYCERT.der 
    Then send the .der file to the phone and open it. The phone should offer to install it as a certificate.
    Message Edited by sanjaymehta on 06-Aug-2009 09:22 PM
    Message Edited by sanjaymehta on 06-Aug-2009 09:23 PM
    Sanjay Mehta
    Motorola "Brickphone" circa 1996, Alcatel One Touch, Ericsson R380, Sony Ericsson T220, Sony Ericsson T630, Nokia E50, Nokia E61i, Nokia 9300i, Nokia E71,Nokia X6, Google Nexus S, iPhone 4S

Maybe you are looking for

  • Simply says "cannot install on this computer" when installing on my g4

    help! i went through all the steps and just before installing, it says "cannot install on this computer" with no error code, no other buttons, and no way to resolve the problem. i'm installing on a g4. please help!

  • My iMac will not read the Window 8.1 installer disc w/ Boot Camp

    I am currently trying to install Windows 8.1 on my iMac using Boot Camp Assistant.  I bought the software and I am falling the directions to a t, but when I insert the disc, my Mac just makes a few noises and spits it out. I know it will read cd's be

  • Selecting duplicate rows from table

    Hi all, How to select the duplicates rows present in the table...

  • Convert pdf in oracle discoverer

    Hi, Can anybody please describe how to convert oracle discoverer report in pdf format. Regards Gagan

  • Creating Photo Albums

    I just watched the preview of the new iPhone OS 3.0. At one point he was sending two pictures through e-mail, he said something like 'I think I have a Hawaii album in here..' and you could clearly see multiple albums in his phone instead of just 'Cam