802.1X with PEAP

kamarale · ‎06-14-2012

Hello, If I want to use 802.1X with PEAP,is it enough with the self-signed certificate that cames the ACS(for example for https)? Or I need other certificate in the ACS?

Thanks in advance

Regards

mauzamor · ‎06-14-2012

Hi there,

The ACS 4.x and 5.x has the option to generate the self-signed certificate which can be used for PEAP connections. If you want to use the feature called "Validate server certificate" in the client side, you only need to export the self-signed certificate and install it in the client side (PC).

If what you have is an ACS 5.x you have the option to generate the self-signed for management or EAP, in this case you need to select EAP.

If what you have is an ACS 4.x then you can skip the previous step, the same certificate should work.

Let me know if it helps.

kamarale · ‎06-14-2012

Hello ,thanks for the reply.

If I dont use the "Validate server certificate" in the client, it´s not very secure right?

Another question, so I can just generate another self-signed certificate in the ACS and use PEAP without problems? I don´t need to deploy a CA(for example with windows server) right?

Thanks very much.

mauzamor · ‎06-14-2012

Alexis,

That's correct, for PEAP you don't need an external CA. The ACS server is capable to generate certificates for your PEAP wired or wireless connections.

Well it's more secure to use the "Validate server certificate" option, however even though if you are not implementing this feature, the users still will need to have a valid username/password to get authenticated.

Rate if it helps!

kamarale · ‎06-15-2012

HThanks very much