You might try setting the EAP policy for the CA certificate to always
trusted instead of the actual server certificate. I haven't tried
this myself before, but it stands a chance of keeping the trust info
between renewals of the server cert.
--Mike
On May 13, 2007, at 6:55 AM, Julian Y. K
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
At 19:00 -0500 05/03/2007, Julian Y. Koh wrote:
>Our SSL cert for our RADIUS server is expiring soon. We've got a renewed
>certificate all set to load up, but I was wondering how clients behave when
>presented with the new cert if they've already set
It depends on what you've told your clients to verify. We have our
clients verify both the CA *and* CommonName (as should be done by
all :)). We just renewed our cert several months ago with no issue
whatsoever, and no one outside central IT even knew it was done (or
needed to for that ma
Never done it, but it sure seems that if the cert is from an entity the
client machine trusts, the user would never be aware of the change.
Tom Zeller
Indiana University
On 5/3/07 8:00 PM, "Julian Y. Koh" <[EMAIL PROTECTED]> wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Our SS
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Our SSL cert for our RADIUS server is expiring soon. We've got a renewed
certificate all set to load up, but I was wondering how clients behave when
presented with the new cert if they've already set up their supplicants to
accept the original one. W