Controllerless Networks

last person joined: 23 hours ago 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

Aruba Instant RADIUS certificate error

This thread has been viewed 8 times

  • 1.  Aruba Instant RADIUS certificate error

    Posted Jan 27, 2015 05:18 PM
    OK, I have looked everywhere I can see here and in documentation. I have six 105 units with Instant. Have configured a SSID to use RADIUS authentication and that is working great. Some clients complain about a certificate not being valid but are still able to connect to it without issues. The only certificate I found is under Maintenance -> Certificates My questions is do I replace this with a standard SSL certificate like any website? If so where/how do I generate a CSR with the setup I have?


  • 2.  RE: Aruba Instant RADIUS certificate error

    EMPLOYEE
    Posted Jan 27, 2015 05:19 PM

    Are you doing username/password authentication (PEAP)? Are you using the internal or an external RADIUS server?



  • 3.  RE: Aruba Instant RADIUS certificate error

    Posted Jan 27, 2015 05:29 PM

    I have yet to play with the certificates on this system so the default appears to be PEAP The default certificate by GeoTrust is the certificate I see. 

     

    We configured this to talk to an external RADIUS. 

     

    In Maintenance -> Certificates it says: 

    Certificates affect which authentication protocols are used:

    - No cert: LEAP

    - Server cert: PEAP + TTLS

    - Server and CA certs: TLS

     

    If I'm understanding what I've read so far 'No cert: LEAP' would leave the traffic between clients and WAPs unencrypted. We'd prefer this be encrypted.



  • 4.  RE: Aruba Instant RADIUS certificate error

    EMPLOYEE
    Posted Jan 27, 2015 05:31 PM

    OK. Can you explain what you are seeing on the devices? Most of the time, the message that is displayed is not an error and is just a normal part of the EAP-PEAP-MSCHAPv2 exchange.

     

    It is asking the user if they trust the server to process their credentials This always has to be done the first time a user connects to a network using a tunneled encryption protocol with server-side certificates.

     

    The only way to get around this is to pre-configure client devices, push down a profile via group policy or profile manager or use something like QuickConnect to configure devices.



  • 5.  RE: Aruba Instant RADIUS certificate error

    Posted Jan 27, 2015 05:41 PM
      |   view attached

    I've attached a screenshot my Windows laptop sees. My Android phones receives no error/message but an iPhone here does. My laptop has connected before and sees this everytime. 

     

    If this is normal and can be configured to avoid this is there a post or documentation on this process?



  • 6.  RE: Aruba Instant RADIUS certificate error
    Best Answer

    EMPLOYEE
    Posted Jan 27, 2015 05:44 PM

    This is normal. Users click accept or connect depending on the platform.

     

    The only way to get around this is to push down configuration policies through Group Policy or Profile manager, or use QuickConnect for your users.

     

    Take a look here:

    http://community.arubanetworks.com/t5/Americas-Airheads-Conference/Breakout-Real-world-802-1X-Deployment-Challenges/gpm-p/129211

     



  • 7.  RE: Aruba Instant RADIUS certificate error

    Posted Jan 28, 2015 10:31 AM

    Thank you cappalli!