How to delete EAP-TLS certificates using registry
Hello Everyone, I am using 802. 1x client on windows XP using user certificates based to get authenticated from the Radius server using EAP-TLS. My problem is that I want to use more than one user certificates on the client and if the user choses certificate 1, he is authenticated to VLAN 1 by the radius server and ...
Hello Everyone,
I am using 802.1x client on windows XP using user certificates based to get authenticated from the Radius server using EAP-TLS. My problem is that I want to use more than one user certificates on the client and if the user choses certificate 1, he is authenticated to VLAN 1 by the radius server and if he choses certificate 2, he is assigned VLAN 2 by Radius server. The certificates are installed in the Current User certificate store.
Now the problem here is that when you get authenticated for the first time using 802.1x EAP-TLS method, windows asks you to select the desired certificate and based on the chosen certificate, you are authenticated. After this, it does not ask you again when you try to get authenticated again and automatically uses the certificate that you chosed at the first selection
In case you want to get authenticated to VLAN 2 using certificate no. 2, you need to go in mmc and delete the first certificate manually and then start the authentication process. I wonder if this can be done using some registry file similar to PEAP. For PEAP, windows caches the username and password in the following registry location
[HKEY_CURRENT_USER\Software\Microsoft\Eapol\UserEapInfo] and you can over ride this file and windows will prompt for the username and password again. I wonder if similar can be done for EAP-TLS certificates as well.
I will appreciate any pointers regarding this.
Khurram
I am using 802.1x client on windows XP using user certificates based to get authenticated from the Radius server using EAP-TLS. My problem is that I want to use more than one user certificates on the client and if the user choses certificate 1, he is authenticated to VLAN 1 by the radius server and if he choses certificate 2, he is assigned VLAN 2 by Radius server. The certificates are installed in the Current User certificate store.
Now the problem here is that when you get authenticated for the first time using 802.1x EAP-TLS method, windows asks you to select the desired certificate and based on the chosen certificate, you are authenticated. After this, it does not ask you again when you try to get authenticated again and automatically uses the certificate that you chosed at the first selection
In case you want to get authenticated to VLAN 2 using certificate no. 2, you need to go in mmc and delete the first certificate manually and then start the authentication process. I wonder if this can be done using some registry file similar to PEAP. For PEAP, windows caches the username and password in the following registry location
[HKEY_CURRENT_USER\Software\Microsoft\Eapol\UserEapInfo] and you can over ride this file and windows will prompt for the username and password again. I wonder if similar can be done for EAP-TLS certificates as well.
I will appreciate any pointers regarding this.
Khurram
Participate on our website and join the conversation
This topic is archived. New comments cannot be posted and votes cannot be cast.