02-05-2008 12:45 PM - edited 07-03-2021 03:20 PM
I just set up a 7921 to authenticate using PEAP, a WLC 4402 as a Radius Client to a Microsoft IAS. The phone authenticated but I hadn't even installed a Trusted Root Certificate on the phone to validate the MS IAS server's machine certificate. Does 7921 PEAP not require server validation by default? IF so, how can I enable this important security feature?
Solved! Go to Solution.
02-05-2008 04:10 PM
7921 PEAP implementation does not validate the authentication server cert.
We may look into this for the future.
02-05-2008 02:53 PM
7921 PEAP implementation doesn't require and doesn't allow local client certificate to be installed.
02-05-2008 03:38 PM
I know that PEAP doesn't require client certificate. I meant my radius server's machine certificate is from a Windows domain issued by a windows Certificate Authority. I never installed the Trusted Root Authority cetificate into the 7921 phone so how can it validate the radius server's certificate unless it doesn't validate by default. If this is the case how can I force the 7921 client to validate server's certificate?
02-05-2008 04:10 PM
7921 PEAP implementation does not validate the authentication server cert.
We may look into this for the future.
02-05-2008 05:41 PM
Thanks again for the information.
08-06-2008 11:50 AM
Hi,
I was wondering if this response about PEAP not validating the server cert is still valid today?
Thanks,
Michel
08-06-2008 01:42 PM
Yes in 1.1(1) firmware it does not have the capability to use a client certificate to validate the server identity, but this will be in the next release 1.2(1) that is coming out shortly.
08-13-2008 06:30 PM
Release 1.2(1) for the 7921G was posted on CCO yesterday.
1.2(1) Software
1.2(1) Release Notes
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide