Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
20093
Views
0
Helpful
0
Comments

How to Install Certificate for Wireless Clients

Vinay Sharma
Level 7
Level 7

‎07-13-2011 08:09 AM - edited ‎11-18-2020 02:54 AM

Introduction:-


How to Install Certificate for Wireless Clients.

In first Section we will see how to install the root certificate on client machines using Active directory. In Second section we will see how we can install root cert manually.

In order to use any certificate, we need the signing authority of that certificate in the Certificate Trust List i.e. CTL on client machine. For Cisco based clients and the native Windows clients,  Wireless Zero Configuration WZC clients works fine. In organization running Windows AD i.e.Active Directory, there is a way of globally inserting a Root Certificate in to the CTL of all users within the AD. If we doesn't use Active Directory then we need to go to second section for Manual Root Certificate installation.

Login as a Domain Administrator and go to group policy under "Active Directory Users and Groups".Normally the Root Certificate to be deployed to the entire domain, but you can limit the deployment to a certain Organizational Unit that contain a certain class of users. In this example we'll assume that deployment for the Root Certificate and Wireless PEAP Configuration in AD.

Right click on your domain --> click "Properties"as shown.

Click on the "Group Policy" Tab --> "New"and make a new policy called "PKI Policy" --> then click "Edit".

Under "Computer Configuration" --> right click on "TrustedRoot" --> click "Import".

Import the Self Signed Root Certificate and continue with "Next".

Once copied, "Root Certificate"to the C:\ directory of the machine--> you're editing the group policy on, type in the path and name and click "Next".

Click "Finish" and close all windows. Once complete the entire Active Directory will "trust" the new "Self Signed" certificate that is installed self-signed with the "Self-SSL" tool.

Manual Installation Procedure:-


In case we don't have AD, in that case we use Manual deployment the root certificate in user's Certificate Trust Lists (CTL). Also you need to distribute the "Root Certificate" either by posting it on an internal server/intranet etc. Distributing the certificate is safe as long as you didn't include the private key when you exported the certificate, but you might still want to keep the distribution of your root certificate internal.


Start by copying the Certificate Authority Certificate to clients Laptop, Desktop, or PDA  by following the procedure.

Right click onthe file "MyuthServCert.cer" and click install Certificate.


Click "Next"on the welcome screen


Choose the second option and click "Browse


Click on "Show physical stores" and expand "Trusted Rood Certification Authorities" and select "Local Computer".

NOTE:- Check this particular instruction very carefully to put the cert inthe right place

Click OK, Next, and then Finish to complete.

Note that this same "Root Certificate" will works on all wireless clients. You simply need to download the "root certificate" and double tap on the file. It will prompt you to install it and click Yes or Ok and it is done.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents