Ultimate wireless security guide: Manual Root Certificate deployment for Windows

Enterprise wireless LAN security is a persistent concern for every system administrator and CIO. This article, part of the TechRepublic ultimate guide to enterprise wireless LAN security, describes in a step-by-step guide how to manually deploy a root authentication certificate for Windows.

The complete TechRepublic Ultimate Wireless Security Guide is available as a download in PDF form.

Only use this section if you don't have Microsoft Active Directory to automatically deploy your "root certificate" to your user's Certificate Trust Lists (CTL). This article assumes that you have set up some way of distributing your "Root Certificate" either by posting it on an internal Intranet server, a public Internet server, or internal file server. You don't need to worry about this certificate falling in to the wrong hands so long as you didn't include the private key when you exported the certificate, but you might still want to keep the distribution of your root certificate internal.

Start by copying the Certificate Authority Certificate to your Laptop, Desktop, or PDA and use the following procedure.

Right click on the file "MyAuthServCert.cer" and click "Install Certificate". (Figure N)

Figure N


Click "Next" on the welcome screen shown in Figure O.

Figure O

Certificate Import Wizard

Choose the second option and click "Browse." (Figure P)

Figure P

Certificate Store

Click on "Show physical stores" and expand "Trusted Rood Certification Authorities" and select "Local Computer". Make sure you follow this particular instruction very carefully to put the cert in the right place! (See Figure Q)

Figure Q

Select Local Computer

Click OK, Next, and then Finish to complete this phase.

Note that this same "Root Certificate" works on Pocket PC Windows Mobile 2003 (or above) and Windows CE 4.2 as well. You simply need to download the "root certificate" and double tap on the file. It will prompt you to install it and all you need to do is click "Yes" or "Ok". This technique does not work on PALM based devices because they don't support 802.1x and PEAP authentication.

It is also possible to get modern versions of Mac OS X or Linux (with the proper supplicant software) working as well and it works in the same manner. If you're running the Cisco Aironet Configuration Utility (ACU) client on Windows, both the automatic and this manual method of installing a root certificate works though the Cisco Wireless Client can't be auto configured through group policy and it doesn't support machine logon.

Editor's Picks

Free Newsletters, In your Inbox