01-28-2009 06:53 AM - edited 07-03-2021 05:04 PM
I have a customer that wants to use certificates to authenticate clients on a wireless network.
I can't see how this is to be implemented.
Can someone here point me in the right direction?
/PerB
02-03-2009 07:50 AM
Do you want to implement just server side certificates or both server and user side?
Here are some documents to read over.
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080921f67.shtml
Seth
02-03-2009 08:43 AM
I would use PEAP user authentication. It only requires a server side SSL digital certificate so you don't have to visit each client. It's secure and easy to manage. You install the certificate on your authentication server.
You normally have to renew the SSL certificate and reinstall annually though.
Chuck
02-04-2009 12:24 PM
Hey guys,
FYI the server certificate used in PEAP is only protecting you from connecting to a fake wireless AP with the same SSID. All you have to do is uncheck the box "validate server certificate" to bypass any certificate checks so that may not be what you are looking for. You may want to look at TLS or PEAP with TLS. I have not used either, so I don't have any first-hand experience with those, but they use client based certificates so that would authenticate your client with something beyond the usual user name and password. With PEAP only, all you need is a valid user name and password. You can use most any computer to connect if you do not validate the server cert on the client.
Randy
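An added example, not part of the thread: a small audit that flags the two conditions discussed above, a profile that skips server-certificate validation and a profile that authenticates the client by password only. It assumes the clients use wpa_supplicant-style profiles (the thread does not name a supplicant) and that every profile is an 802.1X one; the sample profiles, paths and host names are constructed.

```python
import re

# Constructed sample wpa_supplicant.conf; SSIDs, paths and names are placeholders.
SAMPLE_CONF = '''
network={
    ssid="peap-unvalidated"
    eap=PEAP
    phase2="auth=MSCHAPV2"
}
network={
    ssid="peap-validated"
    eap=PEAP
    phase2="auth=MSCHAPV2"
    ca_cert="/etc/ssl/example-radius-ca.pem"
    domain_suffix_match="radius.example.com"
}
network={
    ssid="eap-tls"
    eap=TLS
    ca_cert="/etc/ssl/example-radius-ca.pem"
    domain_suffix_match="radius.example.com"
    client_cert="/etc/wifi/client.pem"
    private_key="/etc/wifi/client.key"
}
'''
NAME_CHECKS = ("domain_suffix_match", "domain_match", "altsubject_match", "subject_match")

def parse_networks(text):
    """Return one {key: value} dict per network={...} block."""
    pair = re.compile(r"^\s*(\w+)=(.*?)\s*$", re.M)
    return [{k: v.strip('"') for k, v in pair.findall(block)}
            for block in re.findall(r"network=\{(.*?)\n\}", text, re.S)]

def audit(net):
    """Findings for one profile: server validation first, then client credential type."""
    out = []
    if "ca_cert" not in net:
        out.append("server certificate not validated")
    elif not any(k in net for k in NAME_CHECKS):
        out.append("CA trusted but server name not checked")
    if net.get("eap", "").upper() == "TLS":
        if not ("client_cert" in net and "private_key" in net):
            out.append("EAP-TLS without client certificate and key")
    elif "TLS" not in net.get("phase2", "").upper():
        out.append("client authenticated by password only")
    return out

def audit_conf(text):  # maps each SSID to its list of findings
    return {n.get("ssid", "?"): audit(n) for n in parse_networks(text)}
```

Calling `audit_conf(SAMPLE_CONF)` returns an empty finding list only for the EAP-TLS profile; the validated PEAP profile still reports password-only client authentication.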
02-04-2009 10:03 PM
Thanks!
The idea is to have certs on all the clients. Usernames and passwords have to be simple in this implementation. PEAP with TLS sounds like the solution to test.
/PerB