i'm tryin to get the certificate setup for the peap authentication for wireless clients.i installed the certificate according, enabled peap/tls authenticatiion, checked the certificate trust lists.
i was able to connect to the server without the certificate installed.then downloaded the server certificate for peap server authentication.selected it for authentication in the client software(lenovo/ibm access connection)and now the profile doesn connect..
is there any special steps when installing the certificate, cause even TLS with only user certificate(unchecked server certificate) authentication works..
Are you using self sign certs? If yes then you don't need server certificate on client. Server cert is only installed on radius. If you are using MS certs or any other 3rd party certs then you need to install CA on the client.
Self signed cert is only used for the server cert.
Pls rate helpful posts
thanks for the reply..
i'm using ms cert authority..i'm downloading the server cert into client machine using http://
once i select the certicate also, the PEAP profile fails to connect.PEAP profile w/o certificate connects properly.also in acs all the settings look proper according to all the documentation..i feel its something related to certificates..
yes u a right the ca certificate is optional in the client. i guess i mentioned server certificate instead of ca certificate for client..actually we mention certs downloaded from ms cert service webpage as server cert and user cert.
i installed the ca certificate on the client as in step 16 and when i try to connect with this certificate option checked, the peap connection fails.
also the document is very good.i had got all the info in this document from diff websites, not all at one place..please do tell where u got this document from..
This doc is not available on any site. This was made by one of my senior engineer Bradley. W.Mountford. Hats of to Brad
Good to know that you find it handy.
Please mark it resolved to other can benefit from it.
acutally i'm still facing the issue. still not able to connect with certificate installed..dont know wat am doin wrong..anyways hope to resolve soon..
nope..i guess its something wrong in the way i'm installing the certificate in the servre machine..i'm facing similar issue with odyssey client..also tried creating a template for server authentication(copied from web server template) and installing on the server..no luck yet..
You can try this:
When installing the certificate, choose:
- Place all certificates in the following sthore:
- Check "Show physical stores"
- Expand the store you want to use
- In the store, choose Local Computer
We use it this way, so every user of the computer has rights to use the certificate.