03-12-2009 04:05 AM - edited 03-15-2019 04:48 PM
Hi,
Was wondering if some could assist, I have managed to install the root CA certificate on the 7921. In the PEAP enablement process on the 7921 it is mentioned that under the advanced portion of the Network Profile "true" needs to be selected under the validate certificate portion.
I cannot seem to find this on the web interface of my 7921 handset. Please find attached a screenshot.
03-12-2009 06:20 AM
Hi Antonio,
From the page you linked in your attached screenshot go to the Certificate Options section, as shown below :)
Configuring PEAP
Protected Extensible Authentication Protocol (PEAP) uses server-side public key certificates to authenticate clients by creating an encrypted SSL/TLS tunnel between the client and the authentication server.
--------------------------------------------------------------------------------
Note The authentication server validation can be enabled by importing the authentication server certificate.
--------------------------------------------------------------------------------
Before You Begin
Before you configure PEAP authentication for the phone, make sure these Cisco Secure ACS requirements are met:
â¢The ACS root certificate must be installed
â¢Enable the Allow EAP-MSCHAPv2 setting
â¢User account and password must be configured
â¢For password authentication, you can use the local ACS database or an external one (such as Windows or LDAP)
Enabling PEAP Authentication
To enable PEAP authentication on the phone, follow these steps:
Procedure
--------------------------------------------------------------------------------
Step 1 From the phone configuration web page, choose PEAP as the authentication mode. See Configuring the Authentication Mode.
Step 2 Enter a user name and password.
--------------------------------------------------------------------------------
Enabling PEAP (MS-CHAPv2) Server Certificate Authentication
To enable server identity validation, follow these steps:
Procedure
--------------------------------------------------------------------------------
Step 1 From the Network Profile Advance Profile page, choose PEAP as the security mode in the WLAN Security section.
Step 2 In the Certificate Options section, choose True in the Validate Server Certificate subsection. Another window displays with available certificates. The displayed fields are Type, Common Name, Issuer Name, Valid From and Valid To. You can install, export, or import certificates as required. If you are importing a certificate to the phone, you can browse the server for the file.
Step 3 If you choose EAP-TLS authentication, the User Certificate Installation page displays. You only have to enter the Common Name field in the first step to use EAP-TLS. There are four steps to complete the EAP-TLS User Certificate Installation. Click Submit when done.
Hope this helps!
Rob
03-12-2009 06:52 AM
hi Rob,
Thanks for the reply.
To clarify I have uploaded the Root CA certificate.
The bit I am struggling with is this below:
"Step 2 In the Certificate Options section, choose True in the Validate Server Certificate subsection. Another window displays with available certificates. The displayed fields are Type, Common Name, Issuer Name, Valid From and Valid To. You can install, export, or import certificates as required. If you are importing a certificate to the phone, you can browse the server for the file. "
In the Network Profile Advance Profile, I dont see a "certificate options" section. I have attached a screenshot of a screenpaste of the Advanced Prfile section in my initial post.
Thanks
03-12-2009 07:41 AM
Hi Antonio,
Isn't it just further down the page under "Certificates" (fron screenshot)?
Rob
03-12-2009 07:52 AM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: