acs server certificate

Unanswered Question
Jul 23rd, 2007
User Badges:

hi all,

i'm tryin to get the certificate setup for the peap authentication for wireless clients.i installed the certificate according, enabled peap/tls authenticatiion, checked the certificate trust lists.


i was able to connect to the server without the certificate installed.then downloaded the server certificate for peap server authentication.selected it for authentication in the client software(lenovo/ibm access connection)and now the profile doesn connect..


is there any special steps when installing the certificate, cause even TLS with only user certificate(unchecked server certificate) authentication works..


please help...


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Jagdeep Gambhir Mon, 07/23/2007 - 05:54
User Badges:
  • Red, 2250 points or more

Hi,

Are you using self sign certs? If yes then you don't need server certificate on client. Server cert is only installed on radius. If you are using MS certs or any other 3rd party certs then you need to install CA on the client.


Self signed cert is only used for the server cert.


Regards,

~JG


Pls rate helpful posts



zanub Mon, 07/23/2007 - 19:09
User Badges:

hi,

thanks for the reply..

i'm using ms cert authority..i'm downloading the server cert into client machine using http:///certsrv

once i select the certicate also, the PEAP profile fails to connect.PEAP profile w/o certificate connects properly.also in acs all the settings look proper according to all the documentation..i feel its something related to certificates..


thanks..

Jagdeep Gambhir Tue, 07/24/2007 - 05:02
User Badges:
  • Red, 2250 points or more

Hi ,

With PEAP there is no need to install server cert on the Client.


On ACS you need,

1) CA

2)Server Cert


On Client

1) CA (Optional)


Please check this PEAP guide.


Regards,

~JG






Attachment: 
zanub Tue, 07/24/2007 - 17:56
User Badges:

hi,

yes u a right the ca certificate is optional in the client. i guess i mentioned server certificate instead of ca certificate for client..actually we mention certs downloaded from ms cert service webpage as server cert and user cert.


i installed the ca certificate on the client as in step 16 and when i try to connect with this certificate option checked, the peap connection fails.


also the document is very good.i had got all the info in this document from diff websites, not all at one place..please do tell where u got this document from..


thanks..

Jagdeep Gambhir Thu, 07/26/2007 - 04:42
User Badges:
  • Red, 2250 points or more

Hi,

This doc is not available on any site. This was made by one of my senior engineer Bradley. W.Mountford. Hats of to Brad


Good to know that you find it handy.



Thanks,

~JG


Please mark it resolved to other can benefit from it.



zanub Sun, 07/29/2007 - 22:54
User Badges:

hi,

acutally i'm still facing the issue. still not able to connect with certificate installed..dont know wat am doin wrong..anyways hope to resolve soon..

thanks..

Jagdeep Gambhir Tue, 07/31/2007 - 05:15
User Badges:
  • Red, 2250 points or more

Hi,

Let me know if it is working fine for you ?



Regards.

zanub Tue, 08/07/2007 - 22:26
User Badges:

nope..i guess its something wrong in the way i'm installing the certificate in the servre machine..i'm facing similar issue with odyssey client..also tried creating a template for server authentication(copied from web server template) and installing on the server..no luck yet..



Jagdeep Gambhir Wed, 08/08/2007 - 04:42
User Badges:
  • Red, 2250 points or more

What Exactly is happening ? Can you provide me some more details ?



Regards

Actions

This Discussion