Windows internet validating identity

We're deploying a wireless networking using Windows Server 2008 NAC as a RADIUS server.

windows internet validating identity-47

In order to enable the client to connect we have to add the network manually and un-check the "Validate server certificate" as shown in the screenshot below.

Does anyone know of a way to avoid having to do this?

If you do go this route, make sure you document for CYA purposes.

From a security standpoint the best option is setup a captive portal.

How to view your ECA Certificates in Internet Explorer: This quick Tutorial is for customer service purposes only.

Symantec is not responsible for customer connections to the Do D websites, only the proper installation of the ECA Certificate that will grant customers part of the validation required to access the sites.

It's not a recommended configuration to have a external root CA sign your RADIUS server's certificate.

This is from the Free RADIUS documentation but I expect it is equal valid for the Microsoft implementation: In general, you should use self-signed certificates for 802.1x (EAP) authentication.

I know this post is really old, however, this is similar to my issue except that last week, any client could connect to my wireless network and this week they can not. The windows/android/iphone clients were able to connect with 802.1x verifying against a local, Aruba based database of one user name.

This week when I get in, I notice that my phone can not connect to the wireless.

Choose the certificate you just installed (according to the validity dates on the certificate) and click OK.

Tags: , ,