Re: IAS/PEAP Certificate

From: James McIllece [MS] (jamesmci_at_online.microsoft.com)
Date: 09/07/04

    Date: Tue, 07 Sep 2004 12:47:26 -0700
    
    

    "Merlintocs" <Merlintocs@discussions.microsoft.com>
    wrote in news:414CE535-F742-4942-9C68-4B504FE85258@microsoft.com:

    > I am trying to set up IAS in Windows Server 2003 using Cisco APs and
    > PEAP authentication. Is it possible to do this with a certificate we
    > create in-house or must the cert be from Verisign?
    >
    > Thanks.
    >

    You definitely can deploy your own PKI with certificates. When you do this,
    you must enroll the certificate of the trusted root CA on client computers.
    When your trusted root CA certificate is in the Trusted Root Certification
    Authorities store on clients, the clients will trust the Server
    Authentication cert sent by your IAS server to authenticate itself.

    The main reason people use certs from Verisign and other companies is that
    the clients already trust these CAs, since Windows comes with the trusted
    root CA cert in that store.

    But deploying your own PKI and CA has advantages too.

    Some organizations take a dual-pronged approach: they deploy PEAP with
    Verisign (or other) certs while designing and testing their own PKI; then
    when they roll out their own PKI they stop using the Verisign certs for
    server authentication.

    Here are some documentation resources for you:

    "Enterprise Deployment of Secure 802.11 Networks Using Microsoft Windows"
    at http://www.microsoft.com/windowsserver2003/technologies/ias/default.mspx

    Public Key Infrastructure for Windows Server 2003 - Technology Center
    http://www.microsoft.com/windowsserver2003/technologies/pki/default.mspx

    -- 
    James McIllece, Microsoft
    Please do not send email directly to this alias.  This is my online account 
    name for newsgroup participation only.
    This posting is provided "AS IS" with no warranties, and confers no rights.
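
The trust condition described in the reply above can be checked on a wireless client with the following added example (not part of the original post and not Microsoft's code). The function name, parameter name and file path are hypothetical; it assumes the IAS server's certificate has been exported to a .cer file and copied to the client.

```powershell
# Added example; function and parameter names are hypothetical, not from the post.
function Test-PeapServerCertTrust {
    param(
        # Path to the IAS server's certificate exported as .cer (assumed input).
        [Parameter(Mandatory = $true)] [string] $ServerCertPath
    )
    $x509 = 'System.Security.Cryptography.X509Certificates'
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU

    $cert = New-Object "$x509.X509Certificate2" -ArgumentList $ServerCertPath

    # Build the chain against the machine stores only ($true = machine context).
    # Revocation is skipped so the check also works offline (assumption).
    $chain = New-Object "$x509.X509Chain" -ArgumentList $true
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $chainOk = $chain.Build($cert)

    # The last chain element is the root if the chain is complete; otherwise
    # it is the highest certificate Windows could find.
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    $rootInStore = [bool](Get-ChildItem Cert:\LocalMachine\Root |
        Where-Object { $_.Thumbprint -eq $top.Thumbprint })

    # The server certificate should list the Server Authentication purpose.
    $ekuExt = $cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $hasServerAuth = $false
    if ($ekuExt) {
        $hasServerAuth = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $serverAuthOid
    }

    [pscustomobject]@{
        Subject          = $cert.Subject
        ChainTop         = $top.Subject
        RootInTrustStore = $rootInStore
        ServerAuthEku    = $hasServerAuth
        ChainValid       = $chainOk
        ChainStatus      = @($chain.ChainStatus | ForEach-Object { $_.Status })
    }
}

# Usage (path is a placeholder):
# Test-PeapServerCertTrust -ServerCertPath 'C:\temp\ias-server.cer'
```

A client that has not yet received the in-house root CA certificate reports RootInTrustStore as False together with an UntrustedRoot or PartialChain status.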
    
