05-17-2019 01:54 PM
The certificates on my ISE servers expire at the end of June. I have two nodes that are doing authentication. The certificates will be used for EAP and wireless. We have a windows PKI setup and will be getting the certificates from that server.
If my client machines have the Root and Intermediate cert do they need the cert that is installed on the ISE servers for EAP as well? The current cert doesnt appear on the windows machines.
Solved! Go to Solution.
05-17-2019 02:22 PM
Usually not required. Please check the settings for [ ] Verify the server's identity by validating the certificate and Trusted Root Certificate Authorities in the EAP properties of the Windows supplicants. They might have been defined and enforced via a GPO. See Certificate issues with RADIUS connection on W10 clients
05-17-2019 02:22 PM
Usually not required. Please check the settings for [ ] Verify the server's identity by validating the certificate and Trusted Root Certificate Authorities in the EAP properties of the Windows supplicants. They might have been defined and enforced via a GPO. See Certificate issues with RADIUS connection on W10 clients
05-21-2019 03:57 AM
Windows and Android can be made to relax the rule to not care about the Radius server cert. But just because you can do this doesn't mean it's a good idea. In fact it's a very bad idea. You're allowing someone to perform a man in the middle attack by potentially spoofing the Radius server (with the hacker's, since your clients don't care to whom they are connecting). Bad news in my opinion.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide