D-Link Forums
D-Link Wireless Access Points For Business => DAP-2695 => Topic started by: lndshrk on October 08, 2015, 10:29:00 PM
-
First, I'll answer the question I'll be asked - yes, contacted USA support and they can't answer - ticket is C6750524 - A1 and 1.1
Now, that out of the way...
I have set up the primary SSID to use the internal radius server in 802.1x PEAP mode. Added users, etc.
I can connect easily to iOS and Android devices - so I know it's working
I cannot connect to Windows 7 x64 using the radius-enabled SSID
It connects fine using a secondary WPA2 SSID
In discussion with Business-class support (nice guy - this is just a weird problem they haven't seen before) it seems like it might be a certificate issue.
We tried a number of things, with no joy.
I decided to "try something" and created certificates using OpenSSL.
Successfully created a Root Certificate Authority, an Intermediate Certificate Authority, and a device key.
No matter WHAT format I convert the device cert into - the DAP-2695 says it's the wrong format.
Ideas?
Jim
-
Welcome!
I'll see if I can get some additional review on this. Please be patient.
-
Some updates...
I have found how to get this AP to connect to W7 **WITHOUT** using a certificate. (I have a procedure - if anyone needs it, ask!)
You CANNOT make it connect USING a certificate because the certificate it tries to use is:
1) Invalid (and)
2) NOT REPLACEABLE.
Replacing the "SSL Certificate" on the AP only allows you to have proper HTTPS:// connection to the AP
The RADIUS server continues to use an INVALID certificate that seems to be "ww@alphanetworks" which uses an untrusted cert authority.
If you understand 802.1x you can see why this is a problem because it peels back one layer of security from PEAP.
Who "engineers" a system with an INVALID and IRREPLACEABLE certificate?
-
Please post this information on how to correct this issue on this model DAP.
-
I cannot "correct the issue".
I can WORK AROUND THE ISSUE by ignoring certificate verification on WPA-Enterprise.
This is a "work around" at best.
D-Link Engineering really do need to get their act in gear and fix this with a firmware update or at least give ME the opportunity to change the certificate for the Radius server.
-
I recommend that you phone contact your regional D-Link support office and ask for help and information regarding this. We find that phone contact has better immediate results over using email.
Let us know how it goes please.
-
If you actually READ my first post you'd see that that was the FIRST thing I did.
I even listed the TICKET number.
You seem to have a rote answer for almost everything. "I recommend that you phone contact your regional D-Link support office and ask for help"
Did that before I posted here to AVOID the canned answer.
How about trying to get D-Link engineers to actually look at it and fix it.
They really have TWO choices:
1) Release new firmware with a VALID certificate and give us the public for same
2) Release new firmware that allows the certificate to be replaced by the end user.
It's kind of an either/or proposition
-
This is beyond forum help and needs to be addressed and reviewed by phone support. Please contact them about this. You can reference this thread for their review as well. Good Luck.