07-19-2013 02:49 AM - edited 07-04-2021 12:28 AM
Hello,
Our ACS (5.2) has a self-signed certificate, but I don't need to export it to the customers. They connect without a certificate. Is this normal?
Customers also work with a certificate.
I have ACS 5.2
WLC 7.0
and AD
Thanks for your help
regards
07-19-2013 04:43 AM
If you're using PEAP MSCHAPv2 for wireless authentication with ACS configured for a self-signed certificate, the users can connect without a certificate because they are not validating the server certificate. This is normal but not a secure method. If you want them to validate the server certificate, you have two options:
1.] Export the self signed certificate from ACS and install it on all the clients.
2.] Get the third-party CA certificates and install the root cert on all the clients.
In both options, you have to check the "Validate server certificate" option on the client under Wireless 802.1x properties.
I'm providing a few configuration examples for the same. You may go through them to get a better understanding.
PEAP under Unified Wireless Networks with ACS 5.1 and Windows 2003 Server
http://www.cisco.com/en/US/products/ps10315/products_configuration_example09186a0080b4cdb9.shtml
Install Certificate on the Cisco Secure ACS Appliance for PEAP Clients
~BR
Jatin Katyal
**Do rate helpful posts**
07-19-2013 05:56 AM
It's OK,
but if someone comes with his own computer, he can connect to the wireless if he knows a login/password.
I thought the certificate would add additional security.
Thank you for your request, and sorry for my poor English.
Regards
07-19-2013 07:57 AM
In order to prevent that, you have 2 options:
1.] Enable PEAP with MAR - Machine Access Restriction (machine and user authentication)
2.] Enable EAP-TLS, where everyone should have a unique user certificate.
~BR
Jatin Katyal
**Do rate helpful posts**