• Status: Solved

RADIUS Server Certificate

Hello Experts:

I will be installing and configuring a RADIUS server on either Windows Server 2003 or Windows Server 2008 R2.  It is due to a migration from Windows 2003.  

I need to find out if the current RADIUS Server running on Windows 2003 has a certificate or uses a certificate.  Please let me know how I find that one out.

Also, does a RADIUS server need a certificate to work properly?

Thanks
Willie
0
 
Jakob Digranes, Senior Consultant, Commented:
Whether you need a certificate or not depends on how authentication is set up. But if you use PEAP (and you really should use this), then you need a certificate on the RADIUS server. With PEAP the client and RADIUS server set up a secure encrypted tunnel where user credentials can be exchanged, be this MS-CHAPv2 or EAP-TLS.

To find what cert the 2003 is using, you can go to administrative tools - Internet Authentication Services - go to network policies - choose edit profile - authentication, there you should see it (sorry - I might be a bit rusty, been some time since I've worked with 2003 radius)

You can also start MMC and add snap-in certificates - local machine - and see under personal if a RAS/IAS certificate, or server/computer certificate is enrolled - then it might be used with radius
0
 
willie0-360, Author, Commented:
Thanks for your response jakob_di.

Your response raises the question of how do I determine if I am using PEAP or any other.

Also, I did what you suggested in your second paragraph.  I went to Administrative Tools --> Internet Authentication Services, but I was not able to find Network Policies and what follows after that.

I also tried starting the MMC, but when I tried to snap in a certificate, it seems that it wants to  create/install a new certificate.

I need more help.


Thanks.
Willie
0
 
Jakob Digranes, Senior Consultant, Commented:
Sorry, my bad. Remembered it wrong. See attached picture: ias 2003
0
 
willie0-360, Author, Commented:
Based on that, I would say we are using PEAP.  Please see the attached word document with the pictures I included.

Figure 1 indicates I am using PEAP.  However, Figure 1 shows that a certificate could not be found that can be used with this EAP, even though it is using PEAP.  In your first post, you indicated that if using PEAP a certificate is required.  Then, what does that message about a certificate not found mean?

Also, Figure 2 has Microsoft Encrypted Authentication version 2 (MS-CHAP v2), does that mean anything regarding the use of certificates?

Thanks.
Willie
wireless.experts.exchange.docx
0
 
Jakob Digranes, Senior Consultant, Commented:
Yes - you're not using PEAP, at least not any more. It might be that the certificate is expired and thus not found anymore.
But you're using MS-CHAP v2 only.
MS-CHAP v2 can in fact be broken, and should not be used without PEAP.
0
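
A scripted version of the certificate check discussed in the answers above (the Local Computer "Personal" store and the possibility of an expired certificate). This is an added example, not part of the original thread; it assumes PowerShell is available on the server, and the criteria it applies (validity dates, private key present, Server Authentication purpose) are this example's assumptions about what makes a certificate a PEAP candidate.

```powershell
# Added example: list certificates in the Local Computer "Personal" store and
# flag which ones could serve as a RADIUS (IAS/NPS) server certificate for PEAP.
# Assumption: run in an elevated PowerShell session on the RADIUS server.

$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # OID of the "Server Authentication" purpose
$now = Get-Date

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Collect Enhanced Key Usage OIDs. A certificate without an EKU
    # extension is treated as valid for all purposes.
    $hasEku  = $false
    $ekuOids = @()
    foreach ($ext in $cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
            $hasEku = $true
            foreach ($oid in $ext.EnhancedKeyUsages) { $ekuOids += $oid.Value }
        }
    }
    $serverAuth = (-not $hasEku) -or ($ekuOids -contains $serverAuthOid)

    # Report the first reason the certificate cannot be used, if any.
    if     ($now -gt $cert.NotAfter)   { $status = 'EXPIRED' }
    elseif ($now -lt $cert.NotBefore)  { $status = 'NOT YET VALID' }
    elseif (-not $cert.HasPrivateKey)  { $status = 'NO PRIVATE KEY' }
    elseif (-not $serverAuth)          { $status = 'NO SERVER AUTH PURPOSE' }
    else                               { $status = 'CANDIDATE' }

    $cert | Select-Object `
        @{ Name = 'Status';  Expression = { $status } },
        @{ Name = 'Expires'; Expression = { $_.NotAfter } },
        Subject,
        Thumbprint
} | Format-Table -AutoSize
```

An empty result, or only `EXPIRED` rows, is consistent with the "certificate could not be found" message in the PEAP properties dialog.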
 
willie0-360, Author, Commented:
Thanks a lot for your help jakob_di.  I hope to find you again in the future.


Willie
0
 
Jakob Digranes, Senior Consultant, Commented:
Excellent .... Glad to help :-)

jakob
0
Question has a verified solution.
