https://community.cisco.com/t5/wireless/unsigned-cerficate-on-acs-for-p-eap/m-p/286922#M11380 <HTML><HEAD></HEAD><BODY><P>Yes, you should be able to use any valid cert, signed or not. </P><P></P><P></P><P>Good Luck</P><P></P><P>Scott</P><P></P></BODY></HTML> Wed, 25 Aug 2004 12:10:34 GMT scottmac 2004-08-25T12:10:34Z https://community.cisco.com/t5/wireless/unsigned-cerficate-on-acs-for-p-eap/m-p/286921#M11379 <P>Can I use instead of signed certificate from certificate authority (example verisgn) or from my own CA use an UNsigned certifcate (like what I can do with the wlse for ssl) for a proper working PEAP environment?</P><P></P><P>any input is very welcome</P><P></P> Sun, 04 Jul 2021 16:55:37 GMT https://community.cisco.com/t5/wireless/unsigned-cerficate-on-acs-for-p-eap/m-p/286921#M11379 o-ziltener 2021-07-04T16:55:37Z https://community.cisco.com/t5/wireless/unsigned-cerficate-on-acs-for-p-eap/m-p/286922#M11380 <HTML><HEAD></HEAD><BODY><P>Yes, you should be able to use any valid cert, signed or not. </P><P></P><P></P><P>Good Luck</P><P></P><P>Scott</P><P></P></BODY></HTML> Wed, 25 Aug 2004 12:10:34 GMT https://community.cisco.com/t5/wireless/unsigned-cerficate-on-acs-for-p-eap/m-p/286922#M11380 scottmac 2004-08-25T12:10:34Z https://community.cisco.com/t5/wireless/unsigned-cerficate-on-acs-for-p-eap/m-p/286923#M11381 <HTML><HEAD></HEAD><BODY><P>On the server side, you'll be fine; you can install anything you want. And a well-behaved client will give the user to view and accept or reject the server certificate if it doesn't recognize the root.</P><P></P><P>However, not all clients are well-behaved. For some, you may need to manually install the server certificate into the client before attempting to authenticate against it. This isn't an insurmountable roadblock but it is an inconvenience.</P></BODY></HTML> Thu, 26 Aug 2004 12:47:53 GMT https://community.cisco.com/t5/wireless/unsigned-cerficate-on-acs-for-p-eap/m-p/286923#M11381 gamccall 2004-08-26T12:47:53Z https://community.cisco.com/t5/wireless/unsigned-cerficate-on-acs-for-p-eap/m-p/286924#M11382 <HTML><HEAD></HEAD><BODY><P>Just curious - what is an "unsigned cert"? I know of an X.509 cert (which is signed) but have not heard of an unsigned cert before. </P><P></P><P>Thanks,</P><P></P><P>michael</P></BODY></HTML> Wed, 01 Sep 2004 07:32:29 GMT https://community.cisco.com/t5/wireless/unsigned-cerficate-on-acs-for-p-eap/m-p/286924#M11382 michaelr 2004-09-01T07:32:29Z https://community.cisco.com/t5/wireless/unsigned-cerficate-on-acs-for-p-eap/m-p/286925#M11383 <HTML><HEAD></HEAD><BODY><P>He should properly have said "self-signed" rather than "unsigned"... a cert issued by a server with no upstream certification path back to Verisign or other generally-recognized authority.</P></BODY></HTML> Wed, 01 Sep 2004 14:09:40 GMT https://community.cisco.com/t5/wireless/unsigned-cerficate-on-acs-for-p-eap/m-p/286925#M11383 gamccall 2004-09-01T14:09:40Z https://community.cisco.com/t5/wireless/unsigned-cerficate-on-acs-for-p-eap/m-p/286926#M11384 <HTML><HEAD></HEAD><BODY><P>an unsigned cert is a cert which you produce yourself and not comes from versign or other authority! </P></BODY></HTML> Wed, 01 Sep 2004 19:49:34 GMT https://community.cisco.com/t5/wireless/unsigned-cerficate-on-acs-for-p-eap/m-p/286926#M11384 o-ziltener 2004-09-01T19:49:34Z https://community.cisco.com/t5/wireless/unsigned-cerficate-on-acs-for-p-eap/m-p/286927#M11385 <HTML><HEAD></HEAD><BODY><P>So it sounds like you are actually talking about a cert not signed by an "official CA" (i.e., a CA whose cert is not pre-loaded into the browsers)?</P><P></P><P>Thanks.</P><P></P></BODY></HTML> Sat, 04 Sep 2004 03:29:00 GMT https://community.cisco.com/t5/wireless/unsigned-cerficate-on-acs-for-p-eap/m-p/286927#M11385 michaelr 2004-09-04T03:29:00Z https://community.cisco.com/t5/wireless/unsigned-cerficate-on-acs-for-p-eap/m-p/286928#M11386 <HTML><HEAD></HEAD><BODY><P>That's correct. It's OK for verifying a qualified client, but it offers no assurance to people that the server offering / using the cert has been publicly identified and certified as who they say they are. </P><P></P><P>OK for client authentication, bad for a web site that may ask for credit card info. </P><P></P><P>FWIW</P><P></P><P>Scott</P><P></P></BODY></HTML> Sat, 04 Sep 2004 21:13:14 GMT https://community.cisco.com/t5/wireless/unsigned-cerficate-on-acs-for-p-eap/m-p/286928#M11386 scottmac 2004-09-04T21:13:14Z