University Computer Help Desk

Install Entrust certificates required for isunet on Windows Vista configured for MS-PEAP

Install a new Entrust secure server certificate so you can connect to "isunet" using Windows Vista configured for MS-PEAP.

Before You Begin

These instructions are for Windows Vista computers that can already access "isunet" using MS-PEAP. If you need to perform a new "isunet" configuration, refer to 1232: Configuring "isunet" wireless on Windows Vista and Windows 7 using MS-PEAP.

Starting on February 20, 2009, you must have a new Entrust certificate to connect to "isunet." These instructions require you to download and install one new Entrust.net secure server certificate. You must also configure your wireless profile to use the new certificate.

Symptom

On or after February 20, 2009, when you attempt to connect to "isunet" you receive the following error message:

Windows cannot connect you to isunetContact your network administrator

Important: Even if you don't see this error message, you must install and configure the new Entrust certificate to connect to "isunet" starting February 20, 2009.

Solution

To resolve this problem, you must install the new security certificate from Entrust.

These instructions involve three main steps:

  • Step 1 - Download the new Entrust certificate for Windows Vista
  • Step 2 - Install the new Entrust certificate
  • Step 3 - Configure your wireless profile to use the new Entrust certificate

Detailed instructions for each of these steps is provided below.

Step 1 - Download the New Entrust Certificate for Windows Vista

To download the Entrust certificate for Windows Vista, do the following:

  1. Establish an Internet connection.
    • Prior to February 20, 2009, you can use your existing "isunet" wireless connection.
    • On or after February 20, we recommend using a wired network connection on campus, an Internet connection at home, or the "isu-public" wireless network in Milner Library.
    • On or after February 20, you can connect to "isunet" in a non-secure manner (see Step 1A) so you can download the new Entrust certificates. Make sure you complete these instructions to enable certificate validation.
  2. Download the Entrust Certificate for Windows Vista.

Step 1A - Connect to "isunet" in a Non-Secure Manner (optional)

You can connect to "isunet" in a non-secure manner so you can download the Entrust certificate for Windows Vista.

  1. Click Start > Control Panel.
  2. Click Classic View on the left.
  3. Double-click Network and Sharing Center.
  4. Click Manage Wireless Networks on the left.
  5. Right-click on your isunet profile and select Properties.
  6. Click the Security tab.
  7. Click the Settings... button.
  8. Remove the check mark next to Validate server certificate.
  9. Click OK twice until you are back to your desktop.

You may now connect to "isunet" as you normally would. Once you are connected, download the Entrust Certificate for Windows Vista and proceed with Step 2 below.

Important: Even though you are now online, you should complete the rest of these instructions. Failure to do so could open your computer to potential security risks.

Step 2 - Install the New Entrust Certificate for Windows Vista

To install the new Entrust certificate for Windows Vista, do the following:

  1. Double-click on the ZIP file you downloaded. This file is named Entrust Cert for Windows Vista.zip.
  2. Double-click on the file inside the ZIP. It is named entrust_l1b.cer.
  3. Click the Install Certificate... button.
  4. Click Next.
  5. Select the first option: Automatically select the certificate store based on the type of certificate.
  6. Click Next.
  7. Click Finish.
  8. You will see the message, The import was successful. Click OK.
  9. Click OK on the certificate window.

Step 3 - Select the New Entrust Certificate in your "isunet" Wireless Profile

To select the new Entrust certificate in your "isunet" wireless profile, do the following:

  1. Click Start > Control Panel.
  2. Click Classic View on the left.
  3. Double-click Network and Sharing Center.
  4. Click Manage Wireless Networks on the left.
  5. Right-click on your isunet profile and select Properties.
  6. Click the Security tab.
  7. Click the Settings... button.
  8. Put a check mark next to Validate server certificate.
  9. Remove the check mark next to Connect to these servers:.
  10. Scroll through the list labeled Trusted Root Certificate Authorities. Put a check mark next to Entrust.net Certification Authority (2048).
    • If you are performing these instructions prior to February 20, 2009, also put a check mark next to Entrust.net Secure Server Certification Authority.
  11. Click OK twice.
  12. Close the Manage Wireless Networks window and any other windows that might be open.

You may now connect to "isunet."