Replace Radius Certificate, best way?

Unanswered Question
Aug 6th, 2010
User Badges:
  • Bronze, 100 points or more


We currently have a deployment of a WCS, two WiSMs, some 80 APs and around 1000 Clients. They authenticate with WPA2-PEAP against two Cisco ACS Servers. The ACS have valid server certificates. The Clients use all available operating systems on the market.

I need now to replace the ACS servers with new Windows Radius servers. The new Radius servers also use new certificates from a different reseller. My tests with a test SSID have shown that I need to delete and recreate the connection profile in Windows 7, to be able to connect after the Radius change.

Any good way on how to achieve the exchange, without making to much work on the client side?

The clients are all private machines (education), so we can't really deploy anything on them.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
George Stefanick Sun, 08/08/2010 - 11:57
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, October 2015

Why can you not use the same cert from the ACS? Are your clients vailidating certs?

patoberli Sun, 08/08/2010 - 23:38
User Badges:
  • Bronze, 100 points or more

The servers have new hostnames, so the Certs would be probably not anymore valid.

If you add the Wlan to Windows7 by selecting it and click connect, it will automatically put the Validate Option on.

I guess I won't come around to inform the users to delete and recreate the connection.


This Discussion



Trending Topics - Security & Network