The key here is to trust the CA certificate, not the server certificate. That
way you can renew the server certificate with the same CA and not need to
update the clients.
Unfortunately, we are going to have the pain of changing CAs here at Liberty :(.
Bruce Osborne
Network Engineer
IT
A lot of this depends on the type of authentication that the captive portal
can support. If the captive portal sends the auth type and it is already
configured in your server/virtual server as mentioned then it will use it.
Walter Reynolds
Principal Systems Security
We planned to move to a psk ssid but have heard that it is possible to decrypt this traffic if you have the key and watch the 4 way handshake to get the key between the ap and device.
Has anyone run into this or been able to do this?
**
Participation and subscription
Jason,
Your subject mentions WPA2-enterprise, and the body of your text mentions PSK.
If you move your infrastructure to WPA2-PSK, yes if someone watches the 4 way
handshake they can get the key between AP and device for
all people on the WPA2-PSK network.
With WPA2-enterprise it is more
ThanksPhilippe, we currently are using 802.1x and meant to just ask about the psk.
Thanks!
From: Hanset, Philippe C phan...@utk.edu
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Date: Thursday, April 18, 2013 4:28 PM
To: