Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1014
Views
0
Helpful
3
Replies

PEAP Certificates

nagle
Level 1
Level 1

‎01-28-2003 07:18 AM - edited ‎07-04-2021 08:28 AM

When using PEAP does the certificate that you are using have to be a "real" certificate (i.e. purchased from a CA like Verisign) or can you use a certificate created by the certificate manager in Win2k Server?

Thanks

Labels:
0 Helpful
3 Replies 3

s-doyle
Level 8
Level 8

‎02-03-2003 09:19 AM

Protected EAP (or PEAP)PEAP authentication is designed to support One-Time Password (OTP), Windows NT or 2000 domain, and LDAP user databases over a wireless LAN. It is based on EAP-TLS authentication but uses a password or PIN instead of a client certificate for authentication. PEAP is enabled or disabled through the operating system and uses a dynamic session-based WEP key, which is derived from the client adapter and RADIUS server, to encrypt data. If your network uses an OTP user database, PEAP requires you to enter either a hardware token password or a software token PIN to start the EAP authentication process and gain access to the network. If your network uses a Windows NT or 2000 domain user database or an LDAP user database (such as NDS), PEAP requires you to enter your username, password, and domain name in order to start the authentication process.

for more details on configuration check the following URL

http://www.cisco.com/en/US/products/hw/wireless/ps4555/products_installation_and_configuration_guide_chapter09186a008007f858.html#xtocid23

0 Helpful

grshaw
Community Member

‎02-18-2003 11:27 PM

You do NOT have to use a purchased certificate for PEAP to function. However, the PEAP client must be able to validate the Certificate chain. Once option which I used for testing was to install Microsoft CA (standalone root) and then submit the CSR from ACS to the CA. Once the CA has accepted the CSR, the user must download the certificate to the ACS server and install it. In order for the client to verify the the Certificate chain, the root CA certificate (optained from the Microsoft standalone root CA that you installed) must be installed on ALL clients that wish to be authenticated using PEAP.

Hope this helps

0 Helpful

nagle
Level 1
Level 1
In response to grshaw

‎02-19-2003 05:04 AM

Yes, thank you...

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card