- Last updated
- Save as PDF
A fundamental component of RADIUS is a client's validation of the RADIUS server's identity. This is accomplished by hosting a certificate on the RADIUS server that has been validated by a trusted Certificate Authority (CA). If a self-signed certificate(or any certificate from an untrustedCA) is in use, most clients will reject the connection since they cannot validate the server's identity.
For troubleshooting purposes, server certificate validation can be disabled on one or multiple clients, allowing those clients to connect regardless of the certificate in use.
Note:It is strongly recommended to address this issue by using a trusted certificate. Disabling server validation as a permanent resolution introduces security risks on the network.
Windows 7/8
To disable the validation of server certificates in Windows 7/8:
- Navigate to Control Panel > Network and Sharing Center > Manage wireless networks.
Note: If presented with different options, switch from View by Categories to either small or large icons. - Right-click the interface/network in question and choose Properties.
- On the Securitytab, click Settings.
- Along the top, uncheck the box for Validate server certificate.
Windows 10/11
- Navigate toControl Panel > Network andSharing Center> Change adapter settings.
Note: If presented with different options, switch from View by Categories to either small or large icons. - Double-click the interface/network in question and choose Properties.
- On the Authentication tab, click Settings.
- Along the top, uncheck the box for Verify the server's identity by validating the certificate.
MacOS
If using OS X, sometimes it can take up to 10 seconds for authentication to complete. This can occur if theRADIUS certificate, or any certificate in the chain, is configured for CRL or OCSP. Please refer to Apple supportfor more details.
For additional information on MerakiRADIUS configuration, please refer to the following article: