09-05-2014 07:47 AM
Hello All, Currently we use a self-signed certificate for the RADIUS server certificate in CPPM (6.3.22) and things work fine. But I noticed the CN of the certificate doesn't match the server name and there is no SAN either; the threads here read that either the CN or SAN has to match the server name.
Is this supposed to work even without a matching CN/SAN?
09-05-2014 08:00 AM - edited 09-05-2014 08:01 AM
For 802.1X authentication, the name does not have to match (although some like it to). For HTTPS, it should match. Please review the Certificates 101 for CPPM technote for more details on your options (attached).
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX
09-05-2014 08:21 AM
09-05-2014 02:11 PM
If you are using Group Policy to configure the supplicant correctly (install cert, verify cert, verify common name, etc.), then you have nothing to worry about.
BYOD devices will not have the CA for your cert since it is self-signed, and many will choose to connect and NOT verify the server certificate, which means you are opening your network up to man-in-the-middle attacks where credentials can be compromised.
Here's a great write-up: