03-21-2018 03:07 AM - edited 07-05-2021 08:24 AM
All
We are using psk for our wireless corporate ssid (internal) which I want to change to certificate based
Can i
- install this using Win Server 2016?
- Install self signed cert or need something from Globalsign or Verisign?
- what precautions do i need to take?
- any blogs explaining how to do this?
- can this be implemented on Meraki, if yes how?
Sorry first post - excuse me:)
Thanks
Solved! Go to Solution.
03-22-2018 08:06 AM
03-21-2018 03:33 AM
Meraki actually have some really good documentation on this:
- install this using Win Server 2016?
Yes you can use NPS within server 2016
- Install self signed cert or need something from Globalsign or Verisign?
You can test with self signed to start with (requires client to manually trust it or import to the trusted certificates location). If all your devices are controlled through something like group policy then you don't need to buy a certificate from a third party as you can simply deploy the certificate through group policy. If you want all devices to trust it by default without controlling them then you may want to look at a third party certificate, yes.
- what precautions do i need to take?
Never give out the private key for your certificate, even if it is just a self signed one.
- any blogs explaining how to do this?
See link above
- can this be implemented on Meraki, if yes how?
See link above
Ric
03-21-2018 03:56 AM
Thanks very much for quick reply
Yes planning to use NPS and roll out using Group Policy
But for my understanding, when do you use self signed cert and when do you use 3rd party cert?
I would like the cert to be issued per user name and not machine level - is this doable? if yes any blogs how to do it?
Thanks
03-21-2018 04:07 AM
03-22-2018 08:03 AM
Thanks for this
so if I go with PEAP MSCHAPv2, I can use this certificate on all machines but with user credetials?
Whereas EAP TLS - the certificate is generated per user, is my understanding right?
03-22-2018 08:06 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide