We have all of our SSIDs using 802.1X with our internal certificate.
Everything seems ok, users are able to configure their devices with our how-to's. We have been running this way for almost three years now and there has been a single thing that I always wanted to understand better and for that I'am asking for your help.
Every user has to accept the certificate when he/she connects for the first time or should be just for the first time or when the certificate is renewed.
The certificate is not verified (valid, its our internal CA) so there is that "red" alert message that seems horrible!
Ok I understand the point of that.
My question, there is this WLAN Server Certificate for Microsoft RADIUS/IAS that Verisign used to sell (more details here http://www.verisign.com/static/DEV004...
). If we buy this certificate and use it on our Radius servers, will this message stop?
Another question regarding our currently scenario. Our certificate has 1 year expiration date. We have been notified by some users that are not connecting regularly to the WiFi, for instance he connects on Monday and again just on Friday, and every time he has to accept the certificate. On the other way, I connect my iPhone every work day so I rarely see the "red alert" message of untrusted certificate.
This is something related to the specific user's connection? Something maybe related to the PMK timeout? What could it be?