WPA2 Enterprise with Windows 7

Stefan Winter stefan.winter at restena.lu
Fri Feb 20 08:03:30 CET 2015


> From what I have read I need to have a certificate for using WPA2
> Enterprise. I would prefer not having to go to each machine spread
> geographically around a fairly wide area to install a CA certificate. Is
> it possible to use a purchased certificate so that Windows 7 recognizes
> it and will connect?

You can use such a certificate, but you still need to manually mark it
as trusted for WPA2 Enterprise purposes (none of the installed CAs
qualify "automagically"; trust is configured explicitly).

There's more to configure client-side than just installing a CA certificate
or marking it as trusted. Things like anonymous outer identity are nice
features, but involve ticking the right boxes on the machines.

There are tools which do that for you. Windows group policies can do it
for Windows clients. For BYOD scenarios, web services like
https://802.1x-config.org cover a wider range of clients (free, with
some paid-for optional upgrades: https://802.1x-config.org/tour4.php ).

If your project is by any chance related to the eduroam roaming
consortium, your instance of this web service would be
https://cat.eduroam.org which has the richest feature set, entirely for
free for eduroam participants.


Stefan Winter

> I think I only need one certificate for the RADIUS server, but still
> unsure. Does it work with multiple SSIDs from different APs? What
> about redundant RADIUS servers? Do I need a certificate for each?
> I have googled and not seen anything definitive for these questions. I
> will continue to search, but hopefully someone who has this sort of
> setup working can answer those questions and I can carry on with getting
> it set up.
> Thanks
> Michael

Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

PGP key updated to 4096 Bit RSA - I will encrypt all mails if the
recipient's key is known to me
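
One way to check an exported Windows WLAN profile for the client-side settings the message above mentions (an explicitly trusted CA, anonymous outer identity). This is an added example, not part of the original message; the element names follow Microsoft's PEAP profile schema, and the sample profiles, server name and thumbprint are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed samples (not real exports), trimmed to the PEAP elements checked below.
NS = 'xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1"'
WEAK = f"""<EapType {NS}>
  <ServerValidation>
    <DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation>
    <ServerNames></ServerNames>
  </ServerValidation>
  <PerformServerValidation>false</PerformServerValidation>
</EapType>"""
HARDENED = f"""<EapType {NS}>
  <ServerValidation>
    <DisableUserPromptForServerValidation>true</DisableUserPromptForServerValidation>
    <ServerNames>radius.example.org</ServerNames>
    <TrustedRootCA>aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa aa</TrustedRootCA>
  </ServerValidation>
  <PerformServerValidation>true</PerformServerValidation>
  <IdentityPrivacy>
    <EnableIdentityPrivacy>true</EnableIdentityPrivacy>
    <AnonymousUserName>anonymous</AnonymousUserName>
  </IdentityPrivacy>
</EapType>"""


def audit_profile(xml_text):
    """Return findings for the client-side settings discussed in the message."""
    values = {}
    for el in ET.fromstring(xml_text).iter():
        # Match on local name so fully namespaced real exports are handled too.
        values.setdefault(el.tag.rsplit("}", 1)[-1], []).append((el.text or "").strip())

    def has(name, wanted):
        return wanted in (v.lower() for v in values.get(name, []))

    findings = []
    if not any(values.get("TrustedRootCA", [])):
        findings.append("no CA explicitly trusted for this network")
    if not any(values.get("ServerNames", [])):
        findings.append("RADIUS server name not constrained")
    if has("PerformServerValidation", "false"):
        findings.append("server certificate validation disabled")
    if not has("DisableUserPromptForServerValidation", "true"):
        findings.append("user may be prompted to accept an unknown server")
    if not has("EnableIdentityPrivacy", "true"):
        findings.append("outer identity is not anonymous")
    return findings


if __name__ == "__main__":
    for name, profile in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_profile(profile))
```

A profile exported with `netsh wlan export profile` can be read from disk and passed to `audit_profile` as text.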

More information about the Freeradius-Users mailing list