IAS without CA

Hi Forum,

 

I want to use IAS and AD for authentication without using any certificate or CA. Is it possible? Please share help or configuration with me.

I read different articles but they all include CA for authentication.

 

Regards,

Faisal 

Aruba

Re: IAS without CA

If you want to do 802.1x authentication (whether with client certificates or just username/password), you'll still need a certificate on the RADIUS/IAS side. This can be a cert purchased from a public trusted authority, one issued from an internal PKI (for example a Microsoft PKI), or a self-signed certificate. Either way, you'll want to either make sure your clients trust the certificate (can be pushed through AD if you use a self-signed certificate) or tell the clients not to validate the server certificate (typically not recommended).


I usually use makecert.exe to do self-signed certificates.  You just need to ensure it has the Server Authentication purpose.  A sample is:

 

makecert.exe -n "CN=dc.mydomain.local" -sr LocalMachine -ss my -r -pe -eku 1.3.6.1.5.5.7.3.1 -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12 -e 01/01/2025

 

This will create the certificate and install it to the Local Machine's certificate store; you can then reference it in your IAS policies.

 

Other options for makecert: 

http://msdn.microsoft.com/en-us/library/bfsktky3(v=vs.71).aspx

 

 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX
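
A way to check the result of the makecert step in the reply above, as an added example that is not part of the original post: this PowerShell script looks in the Local Machine "my" store for the sample subject and reports anything that would stop the certificate from working as the RADIUS server certificate. It assumes PowerShell is available on the IAS server; the function name `Test-RadiusServerCert` is made up for this example.

```powershell
# Added example, not from the original reply.
# Assumption: the subject is the sample CN used in the makecert command above.
$subject       = 'CN=dc.mydomain.local'
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU (value passed to -eku)

function Test-RadiusServerCert {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [string]$RequiredOid
    )
    # Each string written to the pipeline is one problem; no output means no problem found.

    # Without the private key the server cannot complete the TLS handshake inside EAP.
    if (-not $Cert.HasPrivateKey) { 'no private key in the store' }

    # Validity window (makecert -e sets NotAfter).
    $now = Get-Date
    if ($now -lt $Cert.NotBefore) { "not valid until $($Cert.NotBefore)" }
    if ($now -gt $Cert.NotAfter)  { "expired on $($Cert.NotAfter)" }

    # Collect the OIDs listed in the Enhanced Key Usage extension, if there is one.
    $ekuOids = @()
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            foreach ($oid in $ext.EnhancedKeyUsages) { $ekuOids += $oid.Value }
        }
    }
    if ($ekuOids -notcontains $RequiredOid) { 'Server Authentication purpose not listed' }
}

$certs = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Subject -eq $subject })
if ($certs.Count -eq 0) {
    Write-Warning "No certificate with subject '$subject' in LocalMachine\My"
}
foreach ($c in $certs) {
    $problems = @(Test-RadiusServerCert -Cert $c -RequiredOid $serverAuthOid)
    if ($problems.Count -eq 0) {
        Write-Output "$($c.Thumbprint): OK for use as the server certificate"
    } else {
        Write-Output "$($c.Thumbprint): $($problems -join '; ')"
    }
    # Self-signed: issuer and subject are the same, so clients have no CA to chain to
    # and must be given this exact certificate to trust (for example pushed through AD).
    if ($c.Subject -eq $c.Issuer) {
        Write-Output "$($c.Thumbprint): self-signed, clients must trust this certificate"
    }
}
```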
