How is the TLS channel formed without server certificate validation in PEAP-MSCHAPv2?
Hi, I am interested in knowing how the TLS channel is formed without server certificate validation in PEAP-MSCHAPv2 in phase 1. My assumption is: when you have digital certificates, the public key of the server is used for sharing the generated master key, which is henceforth used for secure communication between server and client. Please correct me if I am wrong. I am interested in knowing how the TLS channel is formed without server certificate validation. Thanks, Ramprasad.
January 3rd, 2010 10:00pm

AFAIK you need a server certificate for IAS or other RADIUS. See http://technet.microsoft.com/en-us/library/cc786978(WS.10).aspx or http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0e4.shtml for more information. However, you do not need client certificates. For more information on PEAP I strongly suggest that you read "Securing Wireless LANs with PEAP and Passwords": http://www.microsoft.com/downloads/details.aspx?FamilyID=60c5d0a1-9820-480e-aa38-63485eca8b9b&displaylang=en
HTH. Feel free to ask more questions if needed.
Regards, Martin Rublik
January 4th, 2010 5:48pm

I believe that this is possible, but it is a very insecure way. In Protected EAP Properties, deselect the 'Validate server certificate' check-box. http://www.sysadmins.lv
January 4th, 2010 9:50pm

Hi,
The following articles may be helpful:
How TLS/SSL Works: http://technet.microsoft.com/en-us/library/cc783349(WS.10).aspx
Understanding 802.1X authentication for wireless networks: http://technet.microsoft.com/en-us/library/cc759077(WS.10).aspx
PEAP-MS-CHAP v2: http://technet.microsoft.com/en-us/library/cc779326(WS.10).aspx
Thanks.
This posting is provided "AS IS" with no warranties, and confers no rights.
January 6th, 2010 11:03am

I got the answer. If you check the box "Validate server certificate", then the server certificate is validated and then the server's public key is used to form a secure TLS channel. If you uncheck "Validate server certificate", then the server certificate is not validated against the trusted CA; the client simply uses the server certificate, extracts the public key, and uses it to form the secure TLS channel.
August 4th, 2010 3:22pm
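The check a practitioner wants after the two posts above (the one describing the 'Validate server certificate' check-box and the one explaining that an unvalidated certificate still yields a TLS tunnel) is whether a deployed Windows profile actually validates the RADIUS server. A tunnel built from an unvalidated certificate is encrypted to whoever holds that certificate's private key, which can be a rogue access point running its own RADIUS server, so the inner MSCHAPv2 exchange is protected from passive sniffing only, not from an active attacker. The script below is an added example, not code from this thread or from Microsoft. It reads the PEAP EapHostConfig XML that `netsh wlan export profile` emits and reports the weak settings. The element names it looks for (PerformServerValidation, TrustedRootCA, ServerNames, DisableUserPromptForServerValidation) are my understanding of Microsoft's PEAP profile schema and should be treated as assumptions to confirm against a profile exported from your own machine; the two embedded profiles and the CA thumbprint in them are constructed placeholders.

```powershell
# Added example (not from the thread or from Microsoft): audit whether a
# Windows PEAP-MSCHAPv2 profile validates the RADIUS server certificate.
# ASSUMPTION: the element names queried below follow Microsoft's PEAP
# EapHostConfig schema as I understand it; confirm against a real export.

function Test-PeapServerValidation {
    param([Parameter(Mandatory=$true)][string]$XmlText)

    $xml = [xml]$XmlText
    # local-name() XPath keeps the lookup independent of the several
    # Microsoft namespaces a profile mixes.
    $text = { param($name)
        $n = $xml.SelectSingleNode("//*[local-name()='$name']")
        if ($n) { $n.InnerText.Trim().ToLower() } else { '' } }

    $findings = @()

    if ((& $text 'PerformServerValidation') -ne 'true') {
        # The 'Validate server certificate' check-box is cleared: the client
        # finishes the TLS handshake with ANY certificate, so the tunnel is
        # encrypted but the peer is unauthenticated and a rogue AP/RADIUS
        # server can collect the MSCHAPv2 challenge/response inside it.
        $findings += 'Validate server certificate is OFF: any server certificate is accepted.'
    } else {
        $roots = $xml.SelectNodes("//*[local-name()='TrustedRootCA']") |
                 Where-Object { $_.InnerText.Trim() }
        if (-not $roots) {
            $findings += 'No trusted root CA pinned: any root in the machine store is accepted.'
        }
        if (-not (& $text 'ServerNames')) {
            $findings += 'No server name restriction: any subject from a trusted CA is accepted.'
        }
        if ((& $text 'DisableUserPromptForServerValidation') -ne 'true') {
            $findings += 'User can be prompted to accept an unknown server or CA.'
        }
    }

    New-Object PSObject -Property @{
        ValidatesServer = ($findings.Count -eq 0)
        Findings        = $findings
    }
}

# Constructed sample profiles (abbreviated; real exports carry more elements).
$weak = @'
<EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
  <Config>
    <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
      <Type>25</Type>
      <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1">
        <ServerValidation>
          <DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation>
          <ServerNames></ServerNames>
        </ServerValidation>
        <PeapExtensions>
          <PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</PerformServerValidation>
        </PeapExtensions>
      </EapType>
    </Eap>
  </Config>
</EapHostConfig>
'@

# Placeholder thumbprint and server name below are made up for the example.
$strong = $weak -replace '<ServerNames></ServerNames>',
    '<ServerNames>radius.corp.example</ServerNames><TrustedRootCA>00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33</TrustedRootCA>' `
    -replace '>false</DisableUserPromptForServerValidation>', '>true</DisableUserPromptForServerValidation>' `
    -replace '>false</PerformServerValidation>', '>true</PerformServerValidation>'

Test-PeapServerValidation -XmlText $weak   | Format-List   # ValidatesServer: False, three findings
Test-PeapServerValidation -XmlText $strong | Format-List   # ValidatesServer: True

# Against a live profile (run as the user who owns the profile; the exported
# file is named after the interface and the profile):
#   netsh wlan export profile name="CorpWiFi" folder=$env:TEMP
#   Test-PeapServerValidation -XmlText ((Get-Content "$env:TEMP\*CorpWiFi.xml") -join "`n")
```

The three extra checks inside the validated branch matter because 'Validate server certificate' alone only asks for a chain to some root in the machine store; without a pinned root and a server name, a certificate bought from any public CA for any host passes, and with the user prompt enabled a click-through does the same.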
