ArubaOS and Controllers

Reply
New Contributor

Problems with 2048 bit certificate on eap-peap termination

Our controllers are set up to do eap-peap termination for 802.1x authentication.

We've been using 1024 bit certificates, but our CA only issues 2048 bit certificates now.

I've installed the 2048 cert on the controller and made it active, but get certificate errors on all my wireless test clients ( XP, W7, OS X 10.5.8)

The controller doesn't seem to reference the new cert either in Configuration->Management->Certificates, but it will reference the TrustedCA cert that I installed.

Aruba5000 running ArubaOS Version 3.3.3.8

Anybody else having problems like this or have a solution?

John Pertalion
Appalachian State University
Boone, NC USA
New Contributor

Re: Problems with 2048 bit certificate on eap-peap termination

Talked to Support. As of this time, the controllers support a maximum key length certificate of 1024 bits.
Occasional Contributor I

Re: Problems with 2048 bit certificate on eap-peap termination

We also received this answer from Support...even though you can create a 2048 csr on the controllers. Our CA has let us conitnue receiving 1024 certs until the end of the year when it will be mandated, but it took some coaxing.
Occasional Contributor I

Re: Problems with 2048 bit certificate on eap-peap termination

Have you tried combining your CA's intermediate and root cert into one file, uploading, and then assigning?

I'm not sure if this is related or not but I was having trouble chaining in an intermediate certificate for captive portal. I found something that might work. I say might because I haven't gotten an error with a gui browser but still get " self signed certificate in certificate chain" when using wget.

For captive portal, I combined (PEM format), server certificate, private key, intermediate cert, and root cert for CA into one file. Then, I uploaded it as a server certificate and assigned it since captive portal only allows you to set the server cert. This was in version 3.4.2.2.

Good luck.
Aruba Employee

Re: Problems with 2048 bit certificate on eap-peap termination

Be aware that the 1024bit limitation only applies for the server certificate
Best regards
S.
Contributor I

encryption on 5.0.3.3

I just wanted to check whether the limitation of 1024 bits encryption on 3.x for server certificates has been increased to 2048 bits on 5.x. Please let me know if you have received any further updates on this.
Guru Elite

Re: Problems with 2048 bit certificate on eap-peap termination

The ability to add 2048 bit certificates for EAP termination has only been added to the ArubaOS 6.1 code train. The workaround for any other version of code is to install your certificate directly on the radius server.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I

Re: Problems with 2048 bit certificate on eap-peap termination

Thanks!!
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: