Controllerless Networks

last person joined: 2 days ago 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Back to discussions
Expand all | Collapse all

Exporting default iap-vc certificate

This thread has been viewed 9 times

  • 1.  Exporting default iap-vc certificate

    Posted Aug 24, 2017 06:28 AM

    Hi there,

     

    we have a virtual controller and using eap with authorization on the vc. 

     

    The wifi-connection and authorization with Windows 10 works great: Username, password, done.

     

    But there are some old devices which need a manual installation of the vc certificate. Otherwise the authorization fails.

     

    Is there any way to export the certificate?

     

    Best regards,

    Maurice



  • 2.  RE: Exporting default iap-vc certificate

    EMPLOYEE
    Posted Aug 24, 2017 08:48 AM

    No. The default certificate is not supposed to be used in any circumstances.



  • 3.  RE: Exporting default iap-vc certificate

    EMPLOYEE
    Posted Aug 25, 2017 04:29 AM

    Indeed it is best to create your own private Certificate Authority and create the EAP/RADIUS certificate from there. If you have MS Active Directory Certificate services, check this video for some guidance. Otherwise you can use OpenSSL (Google and you will find). Or buy a publicly signed SSL Server certificate.

     

    Check the ClearPass Certificates 101 Technote for some more background on which RADIUS (EAP) certificate to generate/purchase.

     

    If you really want to get the certificate in order to import it into your clients, it probably is the same certificate that is used for the WebUI. So you can export the certificate when you have the Instant WebUI open with the browser tools. Be warned that you cannot export/backup the private key so if you need to reset the IAP config or want to replicate the solution to another location, you can't. For that (and more reasons), don't use the default cert.