Wireless Access

We have a customer that is college university.

They have and 802.1X user only authenticatoin network so users can use own devices and their staff/student domain credentials to authenticate against Windows AD, IAS RADIUS server.  The Cert on IAS server is signed by GeoTrust Global CA

Users connect with non-domain machines, using thier own Devices.

Windows 7 and other OS are not accepting the certifacte signed by GeoTrusts.  

A solution is to set the wireless settings to NOT Validate server certificate.

We want a solution that requiers the least amount of configuration and management.  Customers want the simplest setup for end-user so IT staff does not have to touch all these laptops.

Is there a Root CA that is automatically trusted by most devices, esp. windows 7?

Is there a better way to configure this network to avoid this issue?

thanks 

To ensure this, you would need an application that distributes the root CA and configures the WLAN devices, like Quickconnect...

a 30-day free trial is here:  http://page.arubanetworks.com/BYODQUICKCONNECT30DayFreeTrial.html

We use a self signed certificate which requires unchecking the validate certificate option. What we did was use the netsh command to export a working WIFI profile and then created  a batch file to import the exported profile. To make it easier, we used IExpress http://en.wikipedia.org/wiki/IExpress to wrap the files in an executable. The client runs a the small executable in Windows 7, it imports the profile, and they are prompted to enter their credentials for 802.1x.

thanks for you ideas.

That gives us some interesting ideas to look into.