Can I use the JANET Server Certificate Service to provide certificates for my RADIUS servers? / Do you have any technical documentation on using MS IAS and JANET SCS?
Yes – the JANET Server Certificate Service (JANET SCS) works fine with the most popular RADIUS servers; FreeRADIUS, Radiator and Cisco ACS and will provide you with server certificates free of charge – suitable for use with EAP-PEAP and EAP-TTLS methods. However if you intend to use Microsoft Internet Authentication Service (IAS) with JANET SCS, skilful configuration will be required. A draft guidance tech guide sheet is available on request. The difficulties with MS Internet Authentication Service stem from the fact that it does not send the full certificate chain during EAP-PEAP negotiation. Consequently, in order to use IAS with JANET SCS certificates (or any other certificate not issued directly from a certification authority (CA) ‘known’ by the supplicant), it is essential to: 1. Ensure that you include the correct extensions in the certificate 2. Configure IAS to include the certificate in its list of known certificates. This issue came to light through problems experienced in at
Related Questions
- Will certificates issued by the Certificate Service comply with the emerging InCommon Identity Assurance Profiles (Bronze/Silver)?
- What is the certificate chain for Extended Validation (EV) certificates issued by the InCommon Certificate Service?
- Is Shibboleth a technical requirement for using the Certificate Service?
