https://community.cisco.com/t5/wireless/peap-work-without-a/m-p/474193#M25921 <HTML><HEAD></HEAD><BODY><P>With PEAP, no. Not without an additional component that would check for a client-side cert and reject the authorization. </P><P></P><P>PEAP does not use or check client side certificates.</P><P></P><P>Good Luck</P><P></P><P>Scott</P><P></P></BODY></HTML> Sat, 03 Dec 2005 16:23:19 GMT scottmac 2005-12-03T16:23:19Z https://community.cisco.com/t5/wireless/peap-work-without-a/m-p/474186#M25914 <P>Hi all,</P><P></P><P>I have ACS configured to authenticate wireless users using &#147;Cisco PEAP&#148; with server certificate and the data base from Active Directory.</P><P>The problem I&#146;m facing is the users can be authenticated without installing the server certificate.</P><P></P><P>Is it normal?? Or Is there an option in the ACS to reject any authentication request from any user who doesn&#146;t have the certificate installed in his wireless device??</P><P></P><P>please respond ASAP guys.</P><P></P><P>thaknks alot</P> Sun, 04 Jul 2021 18:22:41 GMT https://community.cisco.com/t5/wireless/peap-work-without-a/m-p/474186#M25914 alahmadi_sami 2021-07-04T18:22:41Z https://community.cisco.com/t5/wireless/peap-work-without-a/m-p/474187#M25915 <HTML><HEAD></HEAD><BODY><P>PEAP only uses a certificate on the ACS side of the connection. </P><P></P><P>EAP-TLS requires the use of certificates on both Server and Client.</P><P></P><P>Windows clients, if I'm recalling correctly, have a checkbox in the wireless configuration for whether or not you want the client to verify the server's certificate</P><P></P><P>Good Luck</P><P></P><P>Scott</P><P>. </P></BODY></HTML> Sun, 27 Nov 2005 15:17:34 GMT https://community.cisco.com/t5/wireless/peap-work-without-a/m-p/474187#M25915 scottmac 2005-11-27T15:17:34Z https://community.cisco.com/t5/wireless/peap-work-without-a/m-p/474188#M25916 <HTML><HEAD></HEAD><BODY><P>thanks for your reply scott,</P><P></P><P>but is there a way to force the windows client to install the certificate, otherwise he can't login?</P><P></P><P>i wanna do this to ensure the client is talking to the right ACS server and encrypt his data.</P><P></P><P></P></BODY></HTML> Mon, 28 Nov 2005 05:34:04 GMT https://community.cisco.com/t5/wireless/peap-work-without-a/m-p/474188#M25916 alahmadi_sami 2005-11-28T05:34:04Z https://community.cisco.com/t5/wireless/peap-work-without-a/m-p/474189#M25917 <HTML><HEAD></HEAD><BODY><P>then you have to make it over the AD policy i think, but its the same with the ssl web sites you can trust the ca or you can set the browser to trust everything.</P><P></P><P>regards bernhard</P></BODY></HTML> Mon, 28 Nov 2005 09:56:06 GMT https://community.cisco.com/t5/wireless/peap-work-without-a/m-p/474189#M25917 BERNHARD FIEGLMUELLER 2005-11-28T09:56:06Z https://community.cisco.com/t5/wireless/peap-work-without-a/m-p/474190#M25918 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>PEAP uses a server side certificate, not client. If client certificates are what you desire you may need to look at EAP-TLS or another method. Hope this helps.</P><P>g</P><P></P></BODY></HTML> Tue, 29 Nov 2005 00:27:08 GMT https://community.cisco.com/t5/wireless/peap-work-without-a/m-p/474190#M25918 gtwhaley 2005-11-29T00:27:08Z https://community.cisco.com/t5/wireless/peap-work-without-a/m-p/474191#M25919 <HTML><HEAD></HEAD><BODY><P>Thanks guys for your support and help,</P><P></P><P>I know PEAP is a server side certificate, what i want to know is:</P><P></P><P>Is it possible to reject any authentication request from any client who doesn&#146;t install the server certificate? If Yes, ... How??</P><P></P><P>I hope it is clear now guys <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P></P><P>Waiting for your reply</P><P></P></BODY></HTML> Tue, 29 Nov 2005 07:10:08 GMT https://community.cisco.com/t5/wireless/peap-work-without-a/m-p/474191#M25919 alahmadi_sami 2005-11-29T07:10:08Z https://community.cisco.com/t5/wireless/peap-work-without-a/m-p/474192#M25920 <HTML><HEAD></HEAD><BODY><P>any update guys?</P></BODY></HTML> Sat, 03 Dec 2005 05:54:14 GMT https://community.cisco.com/t5/wireless/peap-work-without-a/m-p/474192#M25920 alahmadi_sami 2005-12-03T05:54:14Z https://community.cisco.com/t5/wireless/peap-work-without-a/m-p/474193#M25921 <HTML><HEAD></HEAD><BODY><P>With PEAP, no. Not without an additional component that would check for a client-side cert and reject the authorization. </P><P></P><P>PEAP does not use or check client side certificates.</P><P></P><P>Good Luck</P><P></P><P>Scott</P><P></P></BODY></HTML> Sat, 03 Dec 2005 16:23:19 GMT https://community.cisco.com/t5/wireless/peap-work-without-a/m-p/474193#M25921 scottmac 2005-12-03T16:23:19Z