Make wlan controller to handle peap-eap auth/certificates

  • 1.  Make wlan controller to handle peap-eap auth/certificates

    Posted Aug 28, 2017 09:41 AM

    Hi All,

     

    We have been stuck on an issue regarding certificates from a Win2008 RADIUS server. In order to make our EAP-PEAP authentication work, we have to install the Windows server's certificate on each user's PC. Is there a way to have the controller handle this task instead of installing the certificate on all computers?

     

    My controller's model is 3400 with version 6.4.2.17

     

    Regards!

  • 2.  RE: Make wlan controller to handle peap-eap auth/certificates

    EMPLOYEE
    Posted Aug 28, 2017 09:43 AM

    How are your users' supplicants being configured? Are they managed using a GPO/EMM solution?

     

    Is your certificate public or privately signed?



  • 3.  RE: Make wlan controller to handle peap-eap auth/certificates

    Posted Aug 28, 2017 10:04 AM

    It is a private cert auto-generated on the server, and as supplicant we are not using a specific one (I believe the one we have is the Windows default); we just propagate the SSID without the termination setting.

    So far I can see we have the CSR generated in the certification option.


  • 4.  RE: Make wlan controller to handle peap-eap auth/certificates
    Best Answer

    EMPLOYEE
    Posted Aug 28, 2017 10:12 AM

    If you don't want to add the certificate manually, you'll need to get a public CA-signed EAP server certificate.

     

    Please keep in mind that using PEAPv0/EAP-MSCHAPv2 with unconfigured clients puts your users' credentials in jeopardy as this EAP method is highly susceptible to man-in-the-middle attacks with unconfigured clients.
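
Added example, not part of the original posts: a Python check of a Windows WLAN profile's PEAP settings for the server-validation options that separate a configured client from an unconfigured one, as discussed in the last reply. The profile text is a constructed fragment, the function name and finding labels are hypothetical, and reporting a missing element as a finding is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed, trimmed PEAP fragment of a Windows WLAN profile. Real exports
# carry XML namespaces, which audit_peap() strips before matching names.
TEMPLATE = """<EapType>
  <ServerValidation>
    <DisableUserPromptForServerValidation>{noprompt}</DisableUserPromptForServerValidation>
    <ServerNames>{names}</ServerNames>
    {roots}
  </ServerValidation>
  <PeapExtensions>
    <PerformServerValidation>{validate}</PerformServerValidation>
  </PeapExtensions>
</EapType>"""

# Constructed placeholder thumbprint and server name, not real values.
ROOT = "<TrustedRootCA>" + " ".join(["ab"] * 20) + "</TrustedRootCA>"
UNCONFIGURED = TEMPLATE.format(noprompt="false", names="", roots="", validate="false")
CONFIGURED = TEMPLATE.format(noprompt="true", names="radius.example.com",
                             roots=ROOT, validate="true")


def audit_peap(xml_text):
    """Return finding labels (hypothetical names) for weak server validation."""
    seen = {}
    for el in ET.fromstring(xml_text).iter():
        name = el.tag.rsplit("}", 1)[-1]          # drop "{namespace}" prefix
        seen.setdefault(name, []).append((el.text or "").strip())

    def first(name):
        return (seen.get(name) or [""])[0].lower()

    findings = []
    # Assumption: a missing element is reported the same as an insecure value.
    if first("PerformServerValidation") != "true":
        findings.append("server-validation-off")
    if not first("ServerNames"):
        findings.append("no-server-name")        # any name on a trusted cert passes
    if not any(seen.get("TrustedRootCA", [])):
        findings.append("no-trusted-root")       # no CA pinned for the RADIUS cert
    if first("DisableUserPromptForServerValidation") != "true":
        findings.append("user-can-accept-unknown-server")
    return findings


if __name__ == "__main__":
    for label, profile in (("unconfigured", UNCONFIGURED), ("configured", CONFIGURED)):
        print(label, audit_peap(profile) or "ok")
```

An empty result means the profile pins a root CA and server name and does not let the user accept an unknown server; profiles pushed by GPO or EMM can be checked the same way before rollout.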