(RADIATOR) Radiator + Verisign Certificates + Client Behaviour
Cottrell, Charles P.
cottrell at musc.edu
Thu Apr 24 10:41:15 CDT 2008
Greetings list moderators and subscribers! I am having (perceived) issues with a Verisign certificate and wireless clients, and am hoping someone can help steer me in the right direction, or affirm that I am on the path.
Currently we are bringing up a WPA/WPA2 network using PEAP and MSChap-V2. We have purchased a Verisign certificate. So far we've been successful at connecting (with native clients) on XP, Vista, and OSX, and using Juniper's Odyssey client on XP. The perceived 'catch', in my opinion, is that on all of these platforms the root cert must be specifically selected before connecting (in the XP and Vista native clients) or accepted when prompted (OSX native and Odyssey on XP). I thought that by using a Verisign cert that the cert portion of the connection would be seemless, like connecting to a website that uses a Verisign cert as opposed to self-signed or some other relatively unknown cert vendor. However, this does not appear to be the case. And when specifying which root cert to use, I do not have to install the root cert, only select it from a list of already installed root certs.
So, my question is this: what is the proper behavior of the client? Will it always be necessary to define or accept the cert from the client side (even if I have a well known cert), or have I improperly configured Radiator (or maybe incorrectly created the PEM files)? If it is an improper configuration or creation of the PEM files, what can I do?
The final goal is this: to have a WPA/WPA2 network that is broadcast and secured with the Verisign Cert. A client can see this network in the list of available wireless networks, connect to it, and only be prompted for login credentials. I would prefer that users not have to setup the network and define all the settings.
Thanks for any help!
Charles P. Cottrell
Network Administrator
Medical University of South Carolina
843.792.9938
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.open.com.au/pipermail/radiator/attachments/20080424/0e12f5d5/attachment.html>
More information about the radiator
mailing list