Contributor II
Posts: 52
Registered: ‎03-07-2011

Avoiding Certificate Acceptance For RADIUS

Greetings:

 

It's time once again to renew our certificate for our RADIUS server.  We're endeavoring to buy a certificate that has root certs installed in Windows so we don't get the lovely "Terminate or continue" message when connecting to our network for the first time.  We thought we had succeeded in doing this by purchasing a certificate from Thawte in another location, but those users are still being prompted to accept the cert.  I'm not sure if we're doing something wrong, or if everyone is running into this in a WPA/WPA2 Enterprise situation.  If you're not running into this issue, discussing anything you may have done differently (and your cert vendor!) would be appreciated.

Guru Elite
Posts: 8,191
Registered: ‎09-08-2010

Re: Avoiding Certificate Acceptance For RADIUS


That prompt is asking the user whether they want to trust the certificate for that particular connection (SSID). Unless you preconfigure the device using something like QuickConnect or manually, the user will always get that prompt the first time they connect (or when the cert changes) whether the certificate is trusted by a public CA or not.

 

This is why Microsoft changed the dialog box in Windows 8 to read something along the lines of "If you are expecting to see <SSID> here, click ok."

 

It's a normal part of EAP-PEAP implementations.


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP