Hello dear Aerohive friends,
I'm an IT manager in a secondary school. We are deploying our Aerohive WiFi and we're facing a problem. We want to use our Windows 2008 NPS RADIUS server to authenticate users on their own devices (BYOD). We use PEAP-MSCHAPv2. The problem is the self-signed certificate.
Mac OS devices can authenticate; they only get a warning that it is "insecure". Windows 7 (non-domain) devices are getting an error; they can't connect at all. We've found out that disabling "validate server certificate" on the WiFi client is a workaround. Unfortunately, none of my colleagues (+/- 400) or students (+/- 3000) have the skills to connect this way. It has to be very easy and foolproof.
I've read a lot of discussions on this forum, but I can't find the right answer.
My NPS server FQDN is srvadm01.coltd.be (so NOT .local). Do I have to order an SSL certificate (GoDaddy) for this FQDN? Are there any special requirements for this certificate? Do I just have to change my self-signed certificate into this signed certificate on my NPS server? Is there a manual for this procedure?
Can anyone confirm that this problem disappears when I buy a standard SSL certificate (+/- € 60/year)? What behaviour can be expected on my Windows 7 non-domain clients?
I have an SSL certificate for my mail server (mail.coltd.be). I've read on this forum that the FQDN of the NPS server is not important (https://community.aerohive.com/aerohive/topics/802_1x_authentication_with_heterogenous_clients), so I tried with this SSL certificate, but this procedure doesn't work at all. Is this normal behaviour?
Thanks a lot!