We are using an 802.1x configuration policy that uses AD computer certificates to get on the network. It generally works as can be expected. Every now and then I'll get a call from users who suddenly can't get on the network. When I look at System Preferences > Network and click on the Connect button I am prompted to pick a certificate and there are 2 certs with the computer name: ComputerName and ComputerName(1) When I look in Keychain Access> System> Certificates sure enough there are 2 certs for their computer. The first one has NOT expired and the second one indicates it was created shortly before the user lost connectivity with the network. I delete the old cert and make sure the new cert lets them on the network. My question is where do I begin to look to troubleshoot this? is it a Mac thing? a configuration policy thing? a Certificate server thing? It's happened a few times to a handful of users, but not at the same time. I can't find anything in the logs at the time it happens. Previously I thought maybe the user is doing something to make it happen, but it just happened to me this morning on my admin Mac and I was definitely not doing anything with the certs or keychain at the time.
Question
Random computer cert creation
+21
+16You didn't make any changes to the config profile and/or redistribute it? I would expect it to pull a new cert from AD if the profile was redistributed. I am just getting into TLS certs for 802.1x wired authentication so I don't have very broad use yet but that is the only time I have seen a machine get multiple AD certs.
+21Nope. I haven't made any changes nor tried to push it to any machines. It's very random and very sporadic. So far it's happened to maybe 5 Macs in the past 8 months.
Reply
Most helpful members this week
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.