Cisco Support Community

New Member

PEAP Certificates

When using PEAP does the certificate that you are using have to be a "real" certificate (i.e. purchased from a CA like Verisign) or can you use a certificate created by the certificate manager in Win2k Server?

Thanks

3 REPLIES
New Member

Re: PEAP Certificates

Protected EAP (or PEAP): PEAP authentication is designed to support One-Time Password (OTP), Windows NT or 2000 domain, and LDAP user databases over a wireless LAN. It is based on EAP-TLS authentication but uses a password or PIN instead of a client certificate for authentication. PEAP is enabled or disabled through the operating system and uses a dynamic session-based WEP key, which is derived from the client adapter and RADIUS server, to encrypt data. If your network uses an OTP user database, PEAP requires you to enter either a hardware token password or a software token PIN to start the EAP authentication process and gain access to the network. If your network uses a Windows NT or 2000 domain user database or an LDAP user database (such as NDS), PEAP requires you to enter your username, password, and domain name in order to start the authentication process.

For more details on configuration, check the following URL:

http://www.cisco.com/en/US/products/hw/wireless/ps4555/products_installation_and_configuration_guide_chapter09186a008007f858.html#xtocid23

New Member

Re: PEAP Certificates

You do NOT have to use a purchased certificate for PEAP to function. However, the PEAP client must be able to validate the certificate chain. One option which I used for testing was to install Microsoft CA (standalone root) and then submit the CSR from ACS to the CA. Once the CA has accepted the CSR, the user must download the certificate to the ACS server and install it. In order for the client to verify the certificate chain, the root CA certificate (obtained from the Microsoft standalone root CA that you installed) must be installed on ALL clients that wish to be authenticated using PEAP.

Hope this helps
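
The lab setup described in the reply above, as an added example that is not part of the original post: OpenSSL stands in here for the Microsoft standalone root CA and for the CSR generated on ACS, and it shows that the server certificate validates only against the private root that issued it. The names `Lab Root CA`, `Unrelated Root CA` and `acs.lab.example`, and all file names, are constructed.

```shell
#!/bin/sh
# Added example. Assumption: the openssl CLI is installed; it replaces the
# Microsoft CA and ACS tooling named in the post. All subject names are constructed.

# Build a private root CA and issue a RADIUS server certificate from a CSR.
make_lab_pki() {
    dir=$1
    # 1. Self-signed root CA: this is the certificate every PEAP client must trust.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=Lab Root CA" \
        -keyout "$dir/root.key" -out "$dir/root.pem" 2>/dev/null || return 1
    # 2. Key pair and CSR, as the authentication server would generate them.
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=acs.lab.example" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
    # 3. The CA accepts the CSR and issues the server certificate.
    openssl x509 -req -in "$dir/server.csr" -sha256 -days 30 \
        -CA "$dir/root.pem" -CAkey "$dir/root.key" -CAcreateserial \
        -out "$dir/server.pem" 2>/dev/null || return 1
}

# A second, unrelated root: models a client that has some other CA installed
# but never received the lab root.
make_unrelated_root() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=Unrelated Root CA" \
        -keyout "$dir/other.key" -out "$dir/other.pem" 2>/dev/null || return 1
}

# The chain check a PEAP client performs on the server certificate.
# $1 = trust anchor the client has installed, $2 = server certificate.
# Returns 0 when the certificate chains to that anchor, non-zero otherwise.
client_trusts_server() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}
```

Run `make_lab_pki` and `make_unrelated_root` against a scratch directory, then compare `client_trusts_server "$dir/root.pem" "$dir/server.pem"` with the same call using `other.pem`: only the first succeeds.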

New Member

Re: PEAP Certificates

Yes, thank you...
