Interesting you say this. We just tested WPA2 enterprise with Vista yesterday and it seemed like IE7 did not have the Thawte Premium Server CA root cert installed.
The system cycled through the userID/password credential and the 'accept the certificate' popups until we went into the setup again and checked the "Thawte Premium Server CA" entry which wasn't there before. -------------------------------------------------------------------------------- Lelio Fulgenzi, B.A. Senior Analyst (CCS) * University of Guelph * Guelph, Ontario N1G 2W1 (519) 824-4120 x56354 (519) 767-1060 FAX (JNHN) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ...there's no such thing as a bad timbit... ----- Original Message ----- From: Emerson Parker To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Sent: Wednesday, April 04, 2007 12:19 PM Subject: Re: [WIRELESS-LAN] 802.1x With A One-Way Certificate IF you get a cert from a well know CA, the root cert comes with windows and other OSs so its not a problem to validate it. if you make your own, then you will have issues. -Emerson ------------------------------------------------------------------------------ From: ktaillon [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 04, 2007 11:01 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: [WIRELESS-LAN] 802.1x With A One-Way Certificate We are trying to implement a WPA/TKIP Wireless authentication. We are using ACS Solution Engine which backs into AD for Authentication. We are currectly using WEP. We are looking for the least amount of client setup to make this change. Cisco has told us to use the PEAP MSCHAPv2 connection with a one-way cert, the cert or CA would only be installed on the ACS server and the client would uncheck the 'Validate Server Certificate' under the protected EAP properties. They also told us that the PEAP tunnel that is created would be comparable to having a cert on the client. This seems to be working fine in our tests and is very simple setup for the clients. Are any of you running your connection setup this way? Ken Taillon Network Support Specialist Information Technology Services Wesleyan University 860-685-5657 ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.