We use the Verisign Wireless LAN Server Certificate only because we are using MS IAS for wireless authentication (It's required by IAS - If you do not go this route the IAS server will not see an available cert). We are not using WPA at present, but are using 802.1x for wireless.
BTW our recent experience is that we need to request the cert from Verisign from IE on the server itself. It installs the cert, but it still will not work until we export the cert with private keys and certificate chain, delete the cert and reimport it. In a previous life we were using freeradius/eDirectory and used a standard Verisign cert on the freeradius server. It worked well for us. I don't know if supplicant behavior regarding certs is different when using WPA Enterprise, but haven't seen much traffic on the freeradius list about specific wireless lan certs. Mearl -----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Foerst, Daniel P. Sent: Tuesday, November 18, 2008 8:55 PM To: [email protected] Subject: Re: [WIRELESS-LAN] WPA and Wireless LAN Server Certificate? Hi Toivo, A couple of years ago we too were setting this up and actually ended up with the Verisign Wireless LAN Server Certificate. I didn't see any particular difference between this and a web certificate, but perhaps I don't; know what to look for. What I did encounter was that the CA verisign used to sign the cert changed / was no longer valid and their response / the only work around at the time was to configure clients to not validate the certificate. I am uncertain if this was ever resolved, but we abandoned this method of secure communications as the demand for accessing network resources was determined to be non-existent and instructing use of the wired network to those users that wanted network resource access. What is to come in the future who knows, but we are planning that this may become necessary again. Sorry I don't have any advice on the documentation. Daniel Foerst Manager, Networks & Security The Catholic University of America Washington, DC 20064 -----Original Message----- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:[EMAIL PROTECTED] On Behalf Of Toivo Voll Sent: Tuesday, November 18, 2008 2:08 PM To: [email protected] Subject: [WIRELESS-LAN] WPA and Wireless LAN Server Certificate? Until now we've been using our regular web / SSL certificate for WPA / PEAP/MSCHAP purposes, and predictably have run into the usability issues with certificate trust prompts on the client end. (We use Cisco LWAPP / Freeradius). It appears VeriSign has a specific "Wireless LAN Server Certificate," and apparently there is work done in IETF regarding WLAN specific extensions in certificates. After a fair bit of googling I've been unable to find out just what the difference between a vanilla SSL certificate and a "Wireless LAN Server Certificate" is. Presumably the WLAN certificates won't prompt for the certificate trust, but what other difference, if any, is there? Are there providers other than VeriSign for these certificates? (Thawte, for example, seems to refer back to VeriSign for such certs.) Here's the uninformative product page: http://www.verisign.com/ssl/buy-ssl-certificates/specialized-ssl-certifi cates/wireless-lan-security/ Any advice or links to documentation on the matter would be greatly appreciated. -- Toivo Voll Network Administrator Information Technology Communications University of South Florida ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- BEGIN-ANTISPAM-VOTING-LINKS ------------------------------------------------------ Teach CanIt if this mail (ID 226818403) is spam: Spam: http://canit.cua.edu/b.php?c=s&i=226818403&m=25b780db56a4 Not spam: http://canit.cua.edu/b.php?c=n&i=226818403&m=25b780db56a4 Forget vote: http://canit.cua.edu/b.php?c=f&i=226818403&m=25b780db56a4 ------------------------------------------------------ END-ANTISPAM-VOTING-LINKS ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
