Deploying Certificates to Users and Computers

The sections that follow provide recommendations for deploying the necessary certificates for 802.1x authentication for wireless networks.

RADIUS Server

When implementing 802.1x authentication, it is recommended that you use Windows Server 2003 IAS as the RADIUS server. Running IAS on a Windows Server 2003 computer allows you to restrict certificate-based authentication to certificates that contain a designated OID, such as a custom application policy OID.

To enable autoenrollment of the RAS and IAS Server certificates:

■ Ensure that the RADIUS server's computer account has membership in a group assigned Read, Enroll, and Autoenroll permissions for the RAS and IAS Servers certificate template.

■ Ensure that the RAS and IAS Server certificate template does not require user input for autoenrollment.

■ Ensure that the RAS and IAS Server certificate template is available for enrollment on one or more Windows Server 2003, Enterprise Edition, enterprise certification authorities (CAs).

■ Ensure that the RADIUS server's computer account is in an organizational unit (OU) where the Autoenrollment Settings Group Policy setting for computers is applied.

Note: Alternatively, a user assigned Read and Enroll permissions who is a member of the local Administrators group at the RADIUS server can manually enroll a RAS and IAS Server certificate.
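The four prerequisites above can be checked read-only from the RADIUS server. The following PowerShell is an added example, not part of the original text; it assumes PowerShell 3.0 or later on a domain-joined machine, the default template object name RASAndIASServer, and a placeholder group name (EXAMPLE\RADIUS Servers) that you replace with your own.

```powershell
# Added example: read-only check of the four autoenrollment prerequisites.
# Assumptions: template CN 'RASAndIASServer'; $Group is a hypothetical placeholder.
param(
    [string]$TemplateCn = 'RASAndIASServer',
    [string]$Group      = 'EXAMPLE\RADIUS Servers'
)
$ExtendedRight = 0x100      # ActiveDirectoryRights.ExtendedRight
$GenericRead   = 0x20094    # ActiveDirectoryRights.GenericRead
$Enroll     = [guid]'0e10c968-78fb-11d2-90d4-00c04f79dc55'  # Certificate-Enrollment
$AutoEnroll = [guid]'a05b8cc2-17bc-4802-a710-e7c15ab866a2'  # Certificate-AutoEnrollment

$configNc = ([ADSI]'LDAP://RootDSE').configurationNamingContext
$pki      = "CN=Public Key Services,CN=Services,$configNc"
$template = [ADSI]"LDAP://CN=$TemplateCn,CN=Certificate Templates,$pki"

# 1. Allow ACEs granted to the group on the template object
$acl  = $template.psbase.ObjectSecurity
$aces = @($acl.GetAccessRules($true, $true, [System.Security.Principal.NTAccount]) |
    Where-Object { $_.IdentityReference.Value -eq $Group -and $_.AccessControlType -eq 'Allow' })

function Test-ExtendedRight([guid]$Right) {
    # An empty ObjectType on an ExtendedRight ACE grants every extended right
    [bool]($aces | Where-Object {
        ([int]$_.ActiveDirectoryRights -band $ExtendedRight) -and
        ($_.ObjectType -eq $Right -or $_.ObjectType -eq [guid]::Empty) })
}
$canRead = [bool]($aces | Where-Object {
    ([int]$_.ActiveDirectoryRights -band $GenericRead) -eq $GenericRead })

# 2. msPKI-Enrollment-Flag bit 0x100 means user interaction is required
$flags = [int]$template.'msPKI-Enrollment-Flag'.Value

# 3. Enterprise CAs whose certificateTemplates attribute lists the template
$root     = [ADSI]"LDAP://CN=Enrollment Services,$pki"
$searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
$searcher.Filter = "(&(objectClass=pKIEnrollmentService)(certificateTemplates=$TemplateCn))"
$cas = @($searcher.FindAll() | ForEach-Object { $_.Properties['cn'][0] })

# 4. Computer autoenrollment policy as applied to this machine (0x8000 = disabled)
$aeKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\AutoEnrollment'
$ae    = Get-ItemProperty $aeKey -ErrorAction SilentlyContinue

[pscustomobject]@{
    GroupCanRead         = $canRead
    GroupCanEnroll       = Test-ExtendedRight $Enroll
    GroupCanAutoenroll   = Test-ExtendedRight $AutoEnroll
    NoUserInputRequired  = -not ($flags -band 0x100)
    PublishedOnCAs       = $cas -join ', '
    AutoenrollPolicyOn   = [bool]($ae -and -not ($ae.AEPolicy -band 0x8000))
}
```

The script matches the group by name only; it does not confirm that the RADIUS server's computer account is a member of that group, and it does not resolve nested groups.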
