This article outlines scenarios where RADIUS authentication fails on a Windows device due to certificate errors.
Symtoms
A Windows wireless client attempts to authenticate to a WAP configured with JumpCloud RADIUS and fails with error: "The connection attempt could not be completed...Go Daddy Class 2 Certification Authority is not configured as a valid trust anchor for this profile."
Error Details
The connection attempt could not be completed
The credentials provided by the server could not be validated. We recommend that you terminate the connection and contact your administrator with the information provided in the details. You may still connect but doing so exposes you to security risk by a possible rouge server.
Details
Radius Server: radius.jumpcloud.com
Root CA: Go Daddy Class 2 Certification Authority
The server "radius.jumpcloud.com" presented a valid certificate issued by "Go Daddy Class 2 Certification Authority" is not configured as a valid trust anchor for this profile. Further, the server "radius.jumpcloud.com" is not configured as a valid NPS server to connect to for this profile.
Causes
The client wireless configuration is using EAP/TTLS and the JumpCloud radius certificate is not in the client's trusted certificate store.
Resolutions
- Set the authentication method to PEAP. The RADIUS server certificate should auto-negotiate, installing the certificate on the client will not be necessary.
OR
- Download the GoDaddy Class 2 Certification Authority Root Certificate - G2 and GoDaddy Secure Server Certificate (Intermediate Certificate) - G2 from the Godaddy certificate repository and install it to the system's Certificate Manager.
For proper setup using EAP/TTLS, see Configure your WiFi Clients to use RADIUS