cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

RADIUS Authentication with WPA2-Enterprise

Comes here often

RADIUS Authentication with WPA2-Enterprise

SO I've a few questions:

I'm trying to set this up and i'm running in to issues that require trust and certificates.

 

All my servers are on servername.company.local.

 

My understanding is I need a certificate from a public CA if I want to avoid trust issues? is that correct?

 

But I don't think I can buy a certificate for .local.

What should I do to get this to work?

I currently have a self signed cert, but prompts and asks for trust on iOS and also prompts on windows about making sure its ok and do you want to continue.

3 REPLIES 3
Getting noticed

Re: RADIUS Authentication with WPA2-Enterprise

I run a Public Cert and we still get prompted on allowing the cert on iOS.  The CA is in the Trusted CA list for Apple as well.  The intermediate certs are the problem I believe. Haven't had time to dig through and find a solution.

 

Kind of a big deal

Re: RADIUS Authentication with WPA2-Enterprise


@joemailey wrote:

 

My understanding is I need a certificate from a public CA if I want to avoid trust issues? is that correct?

 


More accurately, you need a certificate (or certificate chain) that your devices trust. This can be your own private CA, but then you need to have your Private CA's cert installed as a trusted root on your client devices. 

Kind of a big deal

Re: RADIUS Authentication with WPA2-Enterprise

Assuming you are using Active Directory; it is common to deploy Microsoft CA server.  This will create a group policy that causes all your clients to trust its root certificate.

 

You can also great your own group policy to trust any root certificate that you want to use for WiFi.  Note that the RADIUS server can not use a self signed certificate - it needs to be signed by a seperate root certificate.  You can also use group policy to auto-configure the WiFi settings.

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.