https://community.cisco.com/t5/network-access-control/peap-self-signed-certificate/m-p/589146#M426962 <P>i have CS ACS SE and i want to run peap for widnows EAP-MSCHAPv2 what is the correct CA in the trusted root certification Authorities list i ahve to choos in windows client </P><P></P> Sun, 10 Mar 2019 21:38:33 GMT aalsayed 2019-03-10T21:38:33Z https://community.cisco.com/t5/network-access-control/peap-self-signed-certificate/m-p/589146#M426962 <P>i have CS ACS SE and i want to run peap for widnows EAP-MSCHAPv2 what is the correct CA in the trusted root certification Authorities list i ahve to choos in windows client </P><P></P> Sun, 10 Mar 2019 21:38:33 GMT https://community.cisco.com/t5/network-access-control/peap-self-signed-certificate/m-p/589146#M426962 aalsayed 2019-03-10T21:38:33Z https://community.cisco.com/t5/network-access-control/peap-self-signed-certificate/m-p/589147#M426965 <HTML><HEAD></HEAD><BODY><P>You need to look for a certificate name that was kept at the time to generating self sign cert.</P><P></P><P></P></BODY></HTML> Tue, 27 Jun 2006 13:52:59 GMT https://community.cisco.com/t5/network-access-control/peap-self-signed-certificate/m-p/589147#M426965 Jagdeep Gambhir 2006-06-27T13:52:59Z https://community.cisco.com/t5/network-access-control/peap-self-signed-certificate/m-p/589148#M426969 <HTML><HEAD></HEAD><BODY><P>Did that mean i have to copy the certificate whihc i genertaed and install it in eahc client to be shown in the list </P><P>or haw i can shaw it in list without installing it </P><P></P></BODY></HTML> Wed, 28 Jun 2006 08:34:24 GMT https://community.cisco.com/t5/network-access-control/peap-self-signed-certificate/m-p/589148#M426969 aalsayed 2006-06-28T08:34:24Z https://community.cisco.com/t5/network-access-control/peap-self-signed-certificate/m-p/589149#M426972 <HTML><HEAD></HEAD><BODY><P>Yes, you need to install the cert on each client. However if you want to avoid installing it on each client then we need to make sure"Validate Server</P><P>Certificate" option under PEAP properties on client is UNCHECKED.</P></BODY></HTML> Wed, 28 Jun 2006 11:47:05 GMT https://community.cisco.com/t5/network-access-control/peap-self-signed-certificate/m-p/589149#M426972 Jagdeep Gambhir 2006-06-28T11:47:05Z https://community.cisco.com/t5/network-access-control/peap-self-signed-certificate/m-p/589150#M426974 <HTML><HEAD></HEAD><BODY><P>The client needs the root certificate of the CA. Hence if you are using certificates from Verisign or something similar then your client (Windows) already has the root cert.</P><P></P><P>But if you are using your own Ms. CA then you can push certificates through Active Directory. That way manual installation can be eliminated.</P><P></P><P>Otherwise either manual installation or unchecking "Validate Server Certificate" are the only options.</P></BODY></HTML> Wed, 05 Jul 2006 04:47:57 GMT https://community.cisco.com/t5/network-access-control/peap-self-signed-certificate/m-p/589150#M426974 viveksantuka 2006-07-05T04:47:57Z