
PEAP with Certificate Machine Autoenrollment

lunestadr
Level 1

Hi,

I'm setting up PEAP according to this document

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0e4.shtml

I have AP1231 and ACS vers 3.3 and I have set ACS up with a valid certificate from Thawte.

My question is: Do I need to follow this procedure even when using a valid certificate?:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0e4.shtml#auto

Quote:

Configuring MS Certificate Machine Autoenrollment

Follow the steps below to configure the domain for automatic machine certificate enrollment on domain controller Kant.

Go to Control Panel > Administrative Tools > Open Active Directory Users and Computers.

Right-click on domain sec-syd and select Properties from the submenu.

Select the Group Policy tab. Click Default Domain Policy, and then click Edit.

Go to Computer Configuration > Windows Settings > Security Settings > Public Key Policies > Automatic Certificate Request Settings.

On the menu bar, go to Action > New > Automatic Certificate Request and click Next.

Select Computer and click Next.

Check the CA.

In this example, the CA is named "Our TAC CA."

Click Next, and then click Finish.

Unquote

This is probably a valid procedure when your ACS is installed on a domain controller with a self-signed certificate, but what to do when using a valid certificate from Thawte and the ACS is a member server?

best regards rolf

1 Reply

smahbub
Level 6

Check if you have permissions between the member server and the domain controller.
