If you are using external RADIUS (you mention ACS so assume that is what you are using), then the whole 802.1x exchange is transparent to the Aerohive AP - the PEAP connection and all the authentication occurs directly between the client (supplicant) and RADIUS server, with the AP just blindly passing packets backwards and forwards between the two.
If the AP is running as the RADIUS server, then the situation is different.
In that case, the certificate is for the RADIUS server and allows the client to validate that it is talking to the RADIUS server it is expecting to be talking to - it has nothing to do with the authentication of the user by the RADIUS server.
Again, the situation is different if you are using mutual certificate authentication (EAP-TLS or PEAP-EAP-TLS, which Microsoft calls "Smart card or other certificate"; EAP-TLS is "Smart card or other certificate" in the first authentication type list in the settings, PEAP-EAP-TLS is "Smart card or other certificate" under the PEAP authentication type).
Hi all, I just signed up (for my elderly mom) with Comcast for their hi-speed Internet service (performance level).
you are authenticating the user/machine using username and password.
The below guide has been tested on MS Windows XP Professional and is based on Windows' default wireless configuration tool (Wireless Zero Configuration).