06-19-2014 03:03 AM
I have Aruba instant 115 running on 6.3. I am using tacacs server for client authentication and currently it is pushing the certificate to the clients.
User/Client tries to connect to SSID for the very first time and he gets certificate warning popup, that its a untrusted server. I would like to avoid this warning even for the very first time. I am thinking to upload a public signed wildcard certificate on Aruba instant controller, please help me suggest the proper procedure to do this and if you think doing this will resolve the warning problem?
PS: No matter what I try this warning is never avoidable and it drives me crazy :( please help.
06-19-2014 05:10 AM
Thanks for reply.
I want to use this for WPA2-Enterprise authentication. If so when a new user inside the domin tries to connect he shouldnt get any warning popups complaining about untrusted source.
Right now the certificate is pushed from tacacs and users alwayz get a popup warning. Attached the warning message.
06-19-2014 05:39 AM
I may sound ridiculas but does that mean if I am using external RADIUS server for authentication the certificate should/will alwayz come from the RADIUS server and Aruba instant would not come into picture?
I mean in this scenario I cannot have Aruba to deliver certs in any case?
06-19-2014 05:48 AM
So are you using an external RADIUS or are you terminating on the Instant cluster?
06-19-2014 05:56 AM
Yes am using external RADIUS (tacacs) for authentication and currently the certificate to the clients is coming from tacacs. I have not setup to terminalte EAP on Aruba at the moment.
Attached the screenshot of my config.
06-19-2014 06:07 AM
OK, so you are using your TACACS server for user authentication on top of management authentication?
If the IAP is set to use your TACACS servers for authentication, this is where the EAP certificate will come from.
I guess the question is: What is your ideal setup?
06-19-2014 06:32 AM
My question is how to get rid of the warning message coming up on the client machine while connecting to wireless?
I have a self signed cert coming from tacacs which comes up with the warning. I would like to not change certificate on the tacacs server .
Is there anything I can do on Aruba so it can send the certificate to the clients? And may be I use a public wildcard cert on Aruba so clients dont get the popup wariniing?
06-19-2014 06:34 AM