Controls whether or not the client will validate the server's certificate.
Notes:
A server certificate is 'valid' if it signed by a trusted root certificate authority (CA) installed on the client. The list of trusted CAs is displayed in the 'Trusted Root Certification Authorities' box. Normally, server certificates signed by a commercial CA will be 'valid' because most commercial CAs are preinstalled as trusted roots. However, if you have a self-signed certificate, it will not be trusted by default. In this case, you have three options:
Pay a commercial CA (such as Thawte) to sign your certificate
Install your certificate as a trusted root CA on the client
Disable server validation using this setting
Values:
Checked If RADIUS server provides a certificate not in the client's trusted CA list, the client will abandon its authentication attempt. This ensures that the client only provides its credentials to servers who are adequately identifiable. Unchecked Client will authenticate regardless of the server's certificate.
Default Value:
Checked
Recommended Setting:
During lab testing, it is acceptable to set this to unchecked while using a self-signed certificate. For production deployments, you should this setting checked.
Cloudpath Help :
Cloudpath can detect the status of server certificate validation within the PEAP/TLS configuration.
Supported settings include:
Disabled - Default. When selected, the server certificate will not be validated.
Enabled - When selected, server certificate validation is performed.
Cloudpath is able to auto remediate this setting. By default, Windows XP will enable this for a new SSID.
Server certificate validation is intended to ensure that the client attempts to authenticate only to known authentication servers. Without validation, there is a concern that the client will attempt to authenticate to a rogue authentication server.
Copyright 2006-2017 Ruckus Wireless Inc.
Use of this website signifies your agreement to the Terms & Conditions
