04-02-2010 09:20 AM - edited 03-04-2019 08:00 AM
Do not have a Microsoft CA available on site, so I will need to generate a self-signed certificate on ACS 4.2.
When I generate this certificate, do I need to install the certificate on all wireless client (domain) laptops? Also, do I need to install it on the AD server?
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00807917aa.shtml#t21
Please advise.
Colm
04-02-2010 12:43 PM
colmgrier wrote:
Do not have a Microsoft CA available on site, so I will need to generate a self-signed certificate on ACS 4.2.
When I generate this certificate, do I need to install the certificate on all wireless client (domain) laptops? Also, do I need to install it on the AD server?
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a00807917aa.shtml#t21
Please advise.
Colm
Colm
You have 2 choices -
1) Deselect "Validate Server Certificate" on the client, and then you will not need to install the certificate on the client. However, this is a security risk, as you are now vulnerable to man-in-the-middle attacks.
or
2) You need to install the root certificate for the ACS onto the wireless client. You can do this manually or you can use Group Policy to do it, but please don't ask me how, as I always just left this to the server guys. You would then leave "Validate Server Certificate" selected and you are not vulnerable to man-in-the-middle attacks.
You don't need to install it on the AD.
Jon
Cisco are currently donating money to the Haiti earthquake appeal for every rating so please consider rating all helpful posts.
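An added example, not part of the original thread: a Python check that reads the PEAP settings of a Windows wireless profile (as exported with `netsh wlan export profile`) and flags the two conditions discussed in the answer above, server certificate validation switched off and no trusted root certificate selected. The element names follow Microsoft's PEAP connection-properties schema and should be treated as an assumption; the XML fragments and the thumbprint are constructed sample data.

```python
import xml.etree.ElementTree as ET

# Constructed PEAP settings fragment; a real export wraps this in WLANProfile/EAPConfig.
TEMPLATE = """<EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
  <ServerValidation>
    <ServerNames></ServerNames>
    {root}
  </ServerValidation>
  <PeapExtensions>
    <PerformServerValidation
      xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">{validate}</PerformServerValidation>
  </PeapExtensions>
</EapType>"""
FAKE_THUMBPRINT = ("aa " * 20).strip()  # constructed placeholder, not a real certificate hash
NOT_VALIDATING = TEMPLATE.format(root="", validate="false")
VALIDATING = TEMPLATE.format(
    root="<TrustedRootCA>%s</TrustedRootCA>" % FAKE_THUMBPRINT, validate="true")


def _named(root, name):
    """All elements with the given local name, ignoring XML namespaces."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]


def audit_peap_profile(xml_text):
    """Return a list of findings for one profile; an empty list means no finding."""
    root = ET.fromstring(xml_text)
    if not _named(root, "ServerValidation"):
        return ["no ServerValidation block (not a PEAP profile?)"]
    findings = []
    # Explicit on/off switch: anything other than "true" means the client
    # accepts whatever certificate the RADIUS server presents.
    switches = _named(root, "PerformServerValidation")
    if any((e.text or "").strip().lower() != "true" for e in switches):
        findings.append("server certificate validation is disabled")
    # With a self-signed ACS certificate, the client must trust that certificate.
    thumbprints = [(e.text or "").strip() for e in _named(root, "TrustedRootCA")]
    if not any(thumbprints):
        findings.append("no trusted root certificate selected")
    return findings


if __name__ == "__main__":
    for label, xml_text in (("not validating", NOT_VALIDATING), ("validating", VALIDATING)):
        print(label, "->", audit_peap_profile(xml_text) or "OK")
```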
04-07-2010 03:22 PM
Thanks Jon. Got this working.