Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Do you use PEAP w/ server validation on 792X phones?

Hello,

I'm just wondering if anyone else uses PEAP with server validation on 7921 and 7925 phones.

If you do what kinds of problems or administrative issues have you faced?

Currently we use this method but we are looking at either getting rid of the server validation or reconfiguring each and every phone to trust a private CA that we own. (We would also obviously install a cert signed by that CA onto the ACS server doing the RADIUS for the phones).

Right now the cert that is on the ACS servers is signed by GoDaddy. The phones all have the intermediate cert bundle and the root cert on them. This works just fine. However in my research I've found that the intermediate certificates might be changed out randomly at a whim, so when we go to renew this certificate with GoDaddy it could be possible none of the phones will trust the ACS server anymore.

So what does everyone think about this?

Is it a good idea to change the type of cert we are using to the private CA?

Would it be better to just give up on using server validation?

Or am I just being paranoid about GoDaddy changing out their intermediate certs?

I just looked at their public key store page and the same ones are still used and are valid that they used about a year ago to sign the cert we bought from them.

Thanks.

204
Views
0
Helpful
0
Replies
CreatePlease to create content