7921 PEAP and Microsoft IAS

Answered Question
Feb 5th, 2008

I just set up a 7921 to authenticate using PEAP, a WLC 4402 as a Radius Client to a Microsoft IAS. The phone authenticated but I hadn't even installed a Trusted Root Certificate on the phone to validate the MS IAS server's machine certificate. Does 7921 PEAP not require server validation by default? IF so, how can I enable this important security feature?



Correct Answer by migilles about 9 years 2 weeks ago

7921 PEAP implementation does not validate the authentication server cert.

We may look into this for the future.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
migilles Tue, 02/05/2008 - 14:53

7921 PEAP implementation doesn't require and doesn't allow local client certificate to be installed.

aciscolook Tue, 02/05/2008 - 15:38

I know that PEAP doesn't require client certificate. I meant my radius server's machine certificate is from a Windows domain issued by a windows Certificate Authority. I never installed the Trusted Root Authority cetificate into the 7921 phone so how can it validate the radius server's certificate unless it doesn't validate by default. If this is the case how can I force the 7921 client to validate server's certificate?

Correct Answer
migilles Tue, 02/05/2008 - 16:10

7921 PEAP implementation does not validate the authentication server cert.

We may look into this for the future.

Michel.thebeau Wed, 08/06/2008 - 11:50

Hi,


I was wondering if this response about PEAP not validating the server cert is still valid today?


Thanks,


Michel

migilles Wed, 08/06/2008 - 13:42

Yes in 1.1(1) firmware it does not have the capability to use a client certificate to validate the server identity, but this will be in the next release 1.2(1) that is coming out shortly.

Actions

This Discussion