RE: Radius certificate length vs. onboarding opinions

2017-10-31 Thread Osborne, Bruce W (Network Operations)
We currently use Option 3, but the clients only trust the certificate CHAIN, not the server certificate itself. This lets us replace the server certificate providing the chain remains the same. This worked fine for us for several years with a 1 year server certificate. Unfortunately, we have

IOS 11 problem with eap-mschapv2/peap authentication

2017-10-31 Thread Linchuan Yang
Dear All Good morning. All of our IOS users start having authentication problem after they upgrading to IOS 11. The devices keep asking the user name and password. The only way we can fix for now is that “forget” the old profile, and manually create a new one, after trusting the certificate,

RE: [WIRELESS-LAN] Big flaw in WPA2

2017-10-31 Thread Chris Toth
Has anyone implemented this workaround and heard any negative feedback regarding wireless quality? It seems changing the retries down to 0 would result in more dropped sessions and the appearance of a flakier network and possibly triggering more client exclusions? Chris Toth Senior Network

Re: [WIRELESS-LAN] Radius certificate length vs. onboarding opinions

2017-10-31 Thread Walter Reynolds
We use SecureW2 JoinNow and the actually recommend option 2. Still the security vs. simplicity for users. We are using option 3 and the last change in certificate we had overall went pretty well. We did try hard to get some media out there to notify users as well as worked with the help desk

Re: [WIRELESS-LAN] IOS 11 problem with eap-mschapv2/peap authentication

2017-10-31 Thread Becker, Jason
We are seeing the same issue here on our Cisco deployment. I've been telling users to reboot or forget it and reconnect unfortunately. After this they've been good, but I see your point with several certs. Jason From: The EDUCAUSE Wireless Issues

Re: [WIRELESS-LAN] IOS 11 problem with eap-mschapv2/peap authentication

2017-10-31 Thread Cappalli, Tim (Aruba Security)
Just curious. Why aren't you using the same EAP server certificate across all of your RADIUS servers? From: The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Linchuan Yang Reply-To: The EDUCAUSE Wireless

Re: Radius certificate length vs. onboarding opinions

2017-10-31 Thread Richard Nedwich
Hi Craig, I'm not sure if anyone from Cloudpath already advised you, but I did forward your question to Kevin Koster, Cloudpath Founder and Chief Architect, for his opinion of the pros/cons of these options. I thought I would share them, in case this forum found it useful. Best, Rich

Re: [WIRELESS-LAN] Radius certificate length vs. onboarding opinions

2017-10-31 Thread James Andrewartha
The maximum for a public certificate is changing on 1 March 2018 to 27 months, with suggestions that it might drop down to 13 months later on: https://www.digicert.com/shortening-validity-periods-for-ov-dv-certificates/