How do I set up radius so that it does not use certificates?

  • Updated 10 months ago
We want our devices to authenticate against AD without needing a cert to verify the SSID. 

Brian D Boothe

Posted 10 months ago

Nick Lowe, Official Rep

Simple answer, you can't avoid X.509 certificates.

The common EAP types in use today for wireless 802.1X with broad client support are all TLS-based.

Some devices can be configured to ignore the contents of the certificate but this is not recommended as it is trivially security vulnerable.
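
As an added example, not part of the original thread: a small Python audit of a wpa_supplicant configuration that flags 802.1X networks where the server certificate is not validated, which is the client setting the reply above advises against. wpa_supplicant is an assumption (the thread names no client), and the sample configuration, SSIDs, file paths and server name are constructed.

```python
import re
# Constructed sample wpa_supplicant.conf; SSIDs, paths and names are made up.
SAMPLE_CONF = '''
network={
    ssid="corp-lax"
    key_mgmt=WPA-EAP
    eap=PEAP
}
network={
    ssid="corp-ca-only"
    key_mgmt=WPA-EAP
    eap=PEAP
    ca_cert="/etc/ssl/certs/example-corp-ca.pem"
}
network={
    ssid="corp-pinned"
    key_mgmt=WPA-EAP
    eap=PEAP
    ca_cert="/etc/ssl/certs/example-corp-ca.pem"
    domain_suffix_match="radius.example.com"
}
network={
    ssid="guest-psk"
    key_mgmt=WPA-PSK
}
'''
NAME_CHECKS = ("domain_suffix_match", "domain_match", "subject_match", "altsubject_match")

def parse_networks(text):
    """Yield one {key: unquoted value} dict per network={...} block."""
    for body in re.findall(r"network=\{(.*?)\n\}", text, flags=re.S):
        pairs = (ln.strip().split("=", 1) for ln in body.splitlines()
                 if "=" in ln and not ln.strip().startswith("#"))
        yield {k.strip(): v.strip().strip('"') for k, v in pairs}

def audit(text):
    """Map each 802.1X SSID to its server-validation findings (empty list = OK)."""
    report = {}
    for net in parse_networks(text):
        km = net.get("key_mgmt", "")
        if "EAP" not in km and "IEEE8021X" not in km:
            continue  # PSK/open networks present no EAP server certificate
        findings = []
        if not (net.get("ca_cert") or net.get("ca_path")):
            findings.append("no CA configured: server certificate is not verified")
        if not any(net.get(k) for k in NAME_CHECKS):
            findings.append("no server name constraint: RADIUS server identity is not pinned")
        report[net.get("ssid", "?")] = findings
    return report
```

Calling `audit(SAMPLE_CONF)` reports two findings for `corp-lax`, one for `corp-ca-only`, none for `corp-pinned`, and skips the PSK network.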

SD

Authenticating against AD means RADIUS, which in turn means certs. PPSK is the only option without a cert, but with no AD authentication. You could manually manage PPSK to reflect what is in AD, but I doubt the efficiency and accuracy of such an approach. I have been looking at the pros and cons of both and in the end decided that RADIUS is easier to manage in our environment, and it has the accounting feature that matches users to IP in the firewall.