Bypassing Server Certificate Validation for Troubleshooting
A fundamental component of RADIUS is a client's validation of the RADIUS server's identity. This is accomplished by hosting a certificate on the RADIUS server that has been validated by a trusted Certificate Authority (CA). If a self-signed certificate (or any certificate from an untrusted CA) is in use, most clients will reject the connection since they cannot validate the server's identity.
For troubleshooting purposes, server certificate validation can be disabled on one or multiple clients, allowing those clients to connect regardless of the certificate in use.
Note: It is strongly recommended to address this issue by using a trusted certificate. Disabling server validation as a permanent resolution introduces security risks on the network.
Windows 7/8
To disable the validation of server certificates in Windows 7/8:
- Navigate to Control Panel > Network and Sharing Center > Manage wireless networks.
Note: If presented with different options, switch from View by Categories to either small or large icons. - Right-click the interface/network in question and choose Properties.
- On the Security tab, click Settings.
- Along the top, uncheck the box for Validate server certificate.
Windows 10/11
- Navigate to Control Panel > Network and Sharing Center > Change adapter settings.
Note: If presented with different options, switch from View by Categories to either small or large icons. - Double-click the interface/network in question and choose Properties.
- On the Authentication tab, click Settings.
- Along the top, uncheck the box for Verify the server's identity by validating the certificate.
MacOS
If using OS X, sometimes it can take up to 10 seconds for authentication to complete. This can occur if the RADIUS certificate, or any certificate in the chain, is configured for CRL or OCSP. Please refer to Apple support for more details.
For additional information on Meraki RADIUS configuration, please refer to the following article: