Security

Reply
Frequent Contributor II

radius and certificates

Hi ,

 

I am implementing 802.1x for a ssid. 

AD on one windows 2003 server ( Root CA ) and IAS on other machine.

Now where do I need to install certificate ( I guess on IAS enabled machine) and which certificate (ROOT CA or I have to request a certificate from root CA for IAS enabled machine)??

 

Also on Windows XP client I have to select Validate server certificate ?

and which certification authority I have to check ? Do i need to install Root CA first on XP client then I will Get option for selecting my Certificate Authority ?

 

Guru Elite

Re: radius and certificates

check the thread here:  http://community.arubanetworks.com/t5/Authentication-and-Access/Step-by-Step-How-to-Configure-Microsoft-IAS-Radius-Server-from/m-p/14391/highlight/true#M80

 

You also might try searching for Windows 2003 in case you have any issues.

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Frequent Contributor II

Re: radius and certificates

Thanks for your reply..

I have implemented radius but need some clarity regarding the certificates part...what kind of certificate should be present on IAS enabled machine ?

Moderator

Re: radius and certificates

Hi

 

Your IAS server should have a Server Certificate, and clients should validate that the server certificate (presented by the IAS server) is signed by your CA.

 

Regards

Samuel Pérez
ACMP, ACCP, ACDX#100

---

If I answerd your question, please click on "Accept as Solution".
If you find this post useful, give me kudos for it ;)
Frequent Contributor II

Re: radius and certificates

Hi,

 

Now, I have AD and CA on one Windows 2003 server. (server 1)

 

IAS enabled on second server . To obtain certificate for IAS enabled server , in Internet Explorer I have put  <server1 IP>/certsrv

which certificate is to be installed >> there are two options 1. request a certificate  2. Download CA certificate >>> what to select ?

 

Also on client laptop CA certificate is to be installed ?

Guru Elite

Re: radius and certificates

1.  Request a Certificate.  Computer Certificate.

 

2.  Client does not need one distrubuted in this manner.

 

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Frequent Contributor II

Re: radius and certificates

thanks colin, 

 

one last question,

Following is XP client config Is it correct,

TestCA is my Root CA and after installing on this XP Client I got the TestCA checkbox...is it required....or

or we can just tick Validate Server Certificate box and leave 'Trusted Root CA 'unchecked...

 

 

 

untitled.JPG

Guru Elite

Re: radius and certificates

Not required, but it locks it down so that your client will only connect if the radius server it authenticates to has that CA certificate.

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: