Aruba Instant & Cloud Wi-Fi

Regular Contributor I
Posts: 187
Registered: ‎03-27-2013

IAP and TLS cert authentications

Hi,

I need to understand how I can configure my IAP infrastructure to implement the TLS certification.

The goal is "the client has to verify the server certificate" and "the server has to verify the client certificate"; for both certificates the CA is the same.

Can you help me?

Best regards

 

Andrea

Aruba
Posts: 1,285
Registered: ‎08-29-2007

Re: IAP and TLS cert authentications

As long as your clients have the Root CA in the trusted root store, you shouldn't have to worry.  Unless you are going to do termination on the IAP.



ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Regular Contributor I
Posts: 187
Registered: ‎03-27-2013

Re: IAP and TLS cert authentications

ok.

I have a ClearPass and various IAPs.

I need the client to have access only if he has AD credentials and a certificate signed by the customer CA on the device, and the client needs to verify that the server has a certificate released by the same CA.

How can I implement it?

 

Best regards

Andrea
Guru Elite
Posts: 20,790
Registered: ‎03-29-2007

Re: IAP and TLS cert authentications

Andrea:

 

All the work will need to be on the client side and the ClearPass side.  

 

Here is the minimum you need to get done:

- The IAP just needs to be set up with WPA2-Enterprise and point to the ClearPass as the RADIUS server.

- The client needs a user certificate generated by a certificate authority (that CA can be the built-in onboard CA).

- ClearPass needs to have a service configured with the EAP-TLS authentication method AND have the CA certificate that issued the client certificate in its trusted CA store.

 

That is all you need.  There is no AD tie-in required or needed.  You can configure authorization on the EAP-TLS authentication method so that the username on the certificate is checked against AD to see the user account on the certificate still exists in AD, but that is optional.  You should work on getting the minimum done, first.



Colin Joseph
Aruba Customer Engineering
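
An added example, not part of the thread and not ClearPass or IAP tooling: a pre-deployment check with the openssl CLI that a RADIUS server certificate and a client certificate both chain to the same CA, which is the mutual verification the thread asks about. The lab PKI, subjects, file names and function names are constructed, and the serverAuth/clientAuth extended key usages are an assumption about how the certificates are issued.

```shell
#!/bin/sh
# Added example: every subject, file and function name here is constructed for a lab.
set -eu

# new_cert DIR NAME CN EXTENSIONS X509_SIGNING_OPTIONS...
# Creates NAME.key and NAME.csr, then signs NAME.pem with the given options.
new_cert() {
  dir=$1; name=$2; cn=$3; ext=$4; shift 4
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
    -keyout "$dir/$name.key" -out "$dir/$name.csr" 2>/dev/null
  printf '%b\n' "$ext" > "$dir/$name.ext"
  openssl x509 -req -in "$dir/$name.csr" -days 30 \
    -extfile "$dir/$name.ext" -out "$dir/$name.pem" "$@" 2>/dev/null
}

# Throwaway PKI: the shared CA, an unrelated CA, one server and one client certificate.
make_lab_pki() {
  d=$1
  new_cert "$d" ca "Lab Root CA" 'basicConstraints=critical,CA:TRUE' -signkey "$d/ca.key"
  new_cert "$d" other "Unrelated CA" 'basicConstraints=critical,CA:TRUE' -signkey "$d/other.key"
  new_cert "$d" server "radius.lab.example" \
    'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth' \
    -CA "$d/ca.pem" -CAkey "$d/ca.key" -CAcreateserial
  new_cert "$d" client "user@lab.example" \
    'basicConstraints=CA:FALSE\nextendedKeyUsage=clientAuth' \
    -CA "$d/ca.pem" -CAkey "$d/ca.key" -CAcreateserial
}

# chains_to CA CERT PURPOSE: true only if CERT verifies against CA
# and is acceptable for PURPOSE (sslserver or sslclient).
chains_to() {
  openssl verify -CAfile "$1" -purpose "$3" "$2" >/dev/null 2>&1
}

# mutual_tls_ready CA SERVER CLIENT: both directions of the EAP-TLS check.
# The client side validates SERVER, the RADIUS side validates CLIENT, same CA.
mutual_tls_ready() {
  chains_to "$1" "$2" sslserver && chains_to "$1" "$3" sslclient
}

lab=$(mktemp -d)
make_lab_pki "$lab"
mutual_tls_ready "$lab/ca.pem" "$lab/server.pem" "$lab/client.pem" \
  && echo "server and client certificates both verify against the shared CA"
chains_to "$lab/other.pem" "$lab/client.pem" sslclient \
  || echo "client certificate rejected when only an unrelated CA is trusted"
rm -rf "$lab"
```

To check real certificates, call `mutual_tls_ready` with the CA certificate both sides trust, the RADIUS server certificate and an issued client certificate in PEM form.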
