EAP-TLS "Validate server certificate" checkbox on Win XP

summers
Hi all,

I have just found out that regardless of checking the "Validate server certificate" option on Win XP, authentication succeeds in my WLAN environment. I wonder if this is the way it works or not.

Here is my question.

Is the "Validate server certificate" option optional for EAP-TLS, or is something wrong with our WLAN?

Thanks in advance.
  • roberto

    As the title states, are you positive the server certificate is not valid...? Depending on "how" you are authenticating the wireless clients (Cisco ACS, Windows, etc) the certificate that is installed on whatever device performs the authentication could have been entered in the list of trusted certificates on your domain, and thus be valid.

    summers

    Thanks, Roberto.

    Maybe my question is whether server certificate verification is mandatory or not in TLS negotiation. If the wireless user trusts the server certificate without verification, then I do not think the wireless client needs the root certificate. That means I do not need to check "Validate server certificate".
