Article ID: 2518158 - View products that this article applies to.
While connecting to a wireless network on a Windows system that is part of a workgroup, a Windows Security Alert dialog similar to the following may be displayed:
The server “<Authentication server>” presented a valid certificate issued by “<CA name>”, but “<CA name>” is not configured as a valid trust anchor for this profile. Further, the server “<Authentication server>” is not configured as a valid NPS server to connect to this profile.
The server “<Authentication server>” presented a valid certificate issued by “<CA name>”, but “<CA name>” is not configured as a valid trust anchor for this profile.
If you click the Connect button on the dialog box, the wireless connection will be established successfully.
To validate the server certificate, Windows will check if the second element in the chain, the Certification Authority (CA) that issued the end certificate, is a trusted CA for Windows NT Authentication. A CA is considered to be trusted if it exists in the "NTAuth" system registry store found in the CERT_SYSTEM_STORE_LOCAL_MACHINE_ENTERPRISE store location. If this verification fails, either of the warning messages in the Symptoms section could occur. By default, the CA certificate is not in the NTAuth store on a Windows system that is part of a workgroup.
certutil -enterprise -addstore NTAuth CA_CertFilename.cer
About How to import third-party certification authority (CA) certificates into the Enterprise NTAuth store, please refer to http://support.microsoft.com/kb/295663
(http://go.microsoft.com/fwlink/?LinkId=151500)for other considerations.
Article ID: 2518158 - Last Review: May 20, 2011 - Revision: 3.0