Need solution for Wireless LAN security using PEAP. I'd like to hear from some experts on this.
1) If I set up a Microsoft certificate authority in my Windows 2003 domain, would the workstations automatically trust certificates issued by this CA or would I need to download the root certificate into each workstation? If it's the latter, I'm guessing an automatic deployment via AD is possible?
2) Is setting up a certificate authority a more secure option than simply self-signing a certificate using a tool included in the IIS resource tools called SelfSSL? I mean, the private key wouldn't be distributed ever, so why should it be insecure compared to setting up an internal CA?
So you suggest setting up an internal certificate authority. Right?
Do you have any experience and documents at that same URL which go into setting up a CA infrastructure? My client has a few offices globally and seems keen to set up a CA server in each office. I think that's a good idea so that if a WAN link were to go down, a local CA server would be able to authenticate users.
I'm trying to find out what kind of server roles I need to install with Microsoft CA. I know there is an Enterprise root CA, enterprise subordinate CA, stand-alone root & subordinate CA and need to study that to implement this.
I've been doing research all day long about two-tier PKI infrastructure models, etc. However, since I'll only be issuing certificates to my ACS servers, do I really need more than a single certificate server?
It's a global organization with 3 offices and an ACS server at each office. I'm guessing clients only need to contact the CA server at renewal time and not otherwise. Hence, can I simply make do with a single root CA and a subordinate backup CA?
If you're using PEAP, only the ACS servers need a signed certificate. The users need a CA certificate, so you're correct: setting up multiple CAs is not useful. Document on configuring an MS certificate server:
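The trust model discussed in this thread, as an added example that is not part of any poster's reply: one root CA signs a server certificate for each of three ACS servers, and a client holding only the root certificate accepts all three, while a self-signed server certificate is accepted only if that certificate itself is placed in the client's trust store. It models the idea with the OpenSSL command line rather than Microsoft CA and ACS; the host names, subjects and lifetimes are constructed placeholders.

```shell
#!/bin/sh
# Constructed lab: names, subjects and lifetimes below are placeholders.
set -eu
WORK=$(mktemp -d)

# Internal root CA: its key never leaves the CA; only root.pem goes to clients.
make_root_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
    -subj "/CN=Example Lab Root CA" \
    -keyout "$WORK/root.key" -out "$WORK/root.pem" 2>/dev/null
}

# Issue a server-authentication certificate for one RADIUS/ACS server ($1 = DNS name).
issue_server_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  printf 'extendedKeyUsage=serverAuth\nsubjectAltName=DNS:%s\n' "$1" > "$WORK/$1.ext"
  openssl x509 -req -in "$WORK/$1.csr" -days 365 -extfile "$WORK/$1.ext" \
    -CA "$WORK/root.pem" -CAkey "$WORK/root.key" -CAcreateserial \
    -out "$WORK/$1.pem" 2>/dev/null
}

# Self-signed server certificate, the SelfSSL-style alternative ($1 = DNS name).
make_selfsigned() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# Model a client whose trust store holds exactly one anchor ($1); $2 = server cert.
client_trusts() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

make_root_ca
for srv in acs-office1.example.test acs-office2.example.test acs-office3.example.test; do
  issue_server_cert "$srv"
  client_trusts "$WORK/root.pem" "$WORK/$srv.pem" && echo "root trusts $srv"
done
make_selfsigned acs-selfsigned.example.test
client_trusts "$WORK/root.pem" "$WORK/acs-selfsigned.example.test.pem" \
  || echo "root does not cover the self-signed cert; it must be pushed to every client itself"
```
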