You must type the name exactly as it appears in the Subject field of each RADIUS server certificate, or use regular expressions to specify the server name.
The complete syntax of the regular expression can be used to specify the server name, but to differentiate a regular expression with the literal string, you must use at least one “*” in the string specified.
You can also purchase a CA certificate from a non-Microsoft vendor.
For example, you can specify Lists the trusted root certification authorities.
If you disable this check box, client computers cannot verify the identity of your servers during the authentication process.
If server authentication does not occur, users are exposed to severe security risks, including the possibility that users might unknowingly connect to a rogue network.
If one or multiple trusted root CAs are selected, the 802.1X client verifies that the computer certificate of the RADIUS server was issued by a selected trusted root CA.
If you have a public key infrastructure (PKI) on your network, and you use your CA to issue certificates to your RADIUS servers, your CA certificate is automatically added to the list of trusted root CAs.
Deploying the same type of authentication method for PEAP and EAP creates a security vulnerability.
When you deploy both PEAP and EAP (which is not protected), do not use the same authentication type.