On 2/20/2015 2:03 AM, Stefan Winter wrote:
Hello,
From what I have read I need to have a certificate for using WPA2 Enterprise. I would prefer not having to go to each machine spread geographically around a fairly wide area to install a CA certificate. Is it possible to use a purchased certificate so that Windows 7 recognizes it and will connect? You can use such a certificate, but you still need to manually mark it as trusted for WPA2 Enterprise purposes (none of the installed CAs qualify "autoamgically", trust is configured explicitly).
Okay, so if I need to touch every computer anyway there is no real advantage to getting a commercial certificate.
There's more to configure client-side than just install a CA certificate or mark it as trusted. Things like anonymous outer identity are nice features, but involve ticking the right boxes on the machines. My main purpose is for logging of what AP is being used by what device and when. There are several laptops running Windows 7 and/or 8 which are not on a domain so group policies are not an option. There are also a number of BlackBerry smartphones which I can control from the management server. For those I should be able to push out a certificate and send the updated WiFi configuration to them automatically. The AP's are various D-Link routers running DD-WRT. I put together a test setup, but I had to jump through some hoops to get a Windows 7 machine to connect, but that was because of the cert not being recognized.
I guess my next step is to generate a CA cert etc.
There are tools which do that for you. Windows group policies can do it for Windows clients. For BYOD scenarios, web services like https://802.1x-config.org cover a wider range of clients (free, with some paid-for optional upgrades: https://802.1x-config.org/tour4.php ).
If your project is by any chance related to the eduroam roaming consortium, your instance of this web service would be https://cat.eduroam.org which has the richest feature set, entirely for free for eduroam participants. Nope, not eduroam.
Thanks, Michael