Compatible Support Forums
khurram

How to delete EAP-TLS certificates using registry


Hello Everyone,

 

I am using an 802.1x client on Windows XP with user certificates to get authenticated by the RADIUS server using EAP-TLS. My problem is that I want to use more than one user certificate on the client: if the user chooses certificate 1, he is authenticated to VLAN 1 by the RADIUS server, and if he chooses certificate 2, he is assigned VLAN 2 by the RADIUS server. The certificates are installed in the Current User certificate store.

 

Now the problem here is that when you get authenticated for the first time using the 802.1x EAP-TLS method, Windows asks you to select the desired certificate, and based on the chosen certificate, you are authenticated. After this, it does not ask you again when you try to get authenticated again and automatically uses the certificate that you chose at the first selection.

 

In case you want to get authenticated to VLAN 2 using certificate no. 2, you need to go into mmc and delete the first certificate manually and then start the authentication process. I wonder if this can be done using some registry file similar to PEAP. For PEAP, Windows caches the username and password in the following registry location:

[HKEY_CURRENT_USER\Software\Microsoft\Eapol\UserEapInfo]

You can override this file and Windows will prompt for the username and password again. I wonder if something similar can be done for EAP-TLS certificates as well.

 

I will appreciate any pointers regarding this.

 

Khurram
