Aruba Instant & Cloud Wi-Fi

Reply
New Contributor
Posts: 4
Registered: ‎01-27-2015

Aruba Instant RADIUS certificate error

OK, I have looked everywhere I can see here and in documentation. I have six 105 units with Instant. Have configured a SSID to use RADIUS authentication and that is working great. Some clients complain about a certificate not being valid but are still able to connect to it without issues. The only certificate I found is under Maintenance -> Certificates My questions is do I replace this with a standard SSL certificate like any website? If so where/how do I generate a CSR with the setup I have?
Guru Elite
Posts: 7,836
Registered: ‎09-08-2010

Re: Aruba Instant RADIUS certificate error

Are you doing username/password authentication (PEAP)? Are you using the internal or an external RADIUS server?


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
New Contributor
Posts: 4
Registered: ‎01-27-2015

Re: Aruba Instant RADIUS certificate error

I have yet to play with the certificates on this system so the default appears to be PEAP The default certificate by GeoTrust is the certificate I see. 

 

We configured this to talk to an external RADIUS. 

 

In Maintenance -> Certificates it says: 

Certificates affect which authentication protocols are used:

- No cert: LEAP

- Server cert: PEAP + TTLS

- Server and CA certs: TLS

 

If I'm understanding what I've read so far 'No cert: LEAP' would leave the traffic between clients and WAPs unencrypted. We'd prefer this be encrypted.

Guru Elite
Posts: 7,836
Registered: ‎09-08-2010

Re: Aruba Instant RADIUS certificate error

OK. Can you explain what you are seeing on the devices? Most of the time, the message that is displayed is not an error and is just a normal part of the EAP-PEAP-MSCHAPv2 exchange.

 

It is asking the user if they trust the server to process their credentials This always has to be done the first time a user connects to a network using a tunneled encryption protocol with server-side certificates.

 

The only way to get around this is to pre-configure client devices, push down a profile via group policy or profile manager or use something like QuickConnect to configure devices.


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
New Contributor
Posts: 4
Registered: ‎01-27-2015

Re: Aruba Instant RADIUS certificate error

I've attached a screenshot my Windows laptop sees. My Android phones receives no error/message but an iPhone here does. My laptop has connected before and sees this everytime. 

 

If this is normal and can be configured to avoid this is there a post or documentation on this process?

Guru Elite
Posts: 7,836
Registered: ‎09-08-2010

Re: Aruba Instant RADIUS certificate error

This is normal. Users click accept or connect depending on the platform.

 

The only way to get around this is to push down configuration policies through Group Policy or Profile manager, or use QuickConnect for your users.

 

Take a look here:

http://community.arubanetworks.com/t5/Americas-Airheads-Conference/Breakout-Real-world-802-1X-Deployment-Challenges/gpm-p/129211

 


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
New Contributor
Posts: 4
Registered: ‎01-27-2015

Re: Aruba Instant RADIUS certificate error

Thank you cappalli!

Search Airheads
Showing results for 
Search instead for 
Did you mean: