Occasional Contributor I
Posts: 7
Registered: ‎06-19-2014

How to add wildcard certificate into Aruba instant ?

Hi All,

I have an Aruba Instant 115 running on 6.3. I am using a TACACS server for client authentication and currently it is pushing the certificate to the clients.

My problem:

A user/client tries to connect to the SSID for the very first time and gets a certificate warning popup saying that it's an untrusted server. I would like to avoid this warning even for the very first time. I am thinking of uploading a publicly signed wildcard certificate on the Aruba Instant controller. Please help me by suggesting the proper procedure to do this, and tell me whether you think doing this will resolve the warning problem.

PS: No matter what I try, this warning is never avoidable and it drives me crazy :( Please help.


MVP
Posts: 4,307
Registered: ‎07-20-2011

Re: How to add wildcard certificate into Aruba instant ?

Is this for the IAP captive portal?
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor I
Posts: 7
Registered: ‎06-19-2014

Re: How to add wildcard certificate into Aruba instant ?

Thanks for the reply.

I want to use this for WPA2-Enterprise authentication. If so, when a new user inside the domain tries to connect, he shouldn't get any warning popups complaining about an untrusted source.

Right now the certificate is pushed from TACACS and users always get a popup warning. Attached the warning message.


Guru Elite
Posts: 8,759
Registered: ‎09-08-2010

Re: How to add wildcard certificate into Aruba instant ?

You should not use a wildcard cert for RADIUS.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I
Posts: 7
Registered: ‎06-19-2014

Re: How to add wildcard certificate into Aruba instant ?

I may sound ridiculous, but does that mean if I am using an external RADIUS server for authentication, the certificate should/will always come from the RADIUS server and Aruba Instant would not come into the picture?

I mean, in this scenario I cannot have Aruba deliver certs in any case?

Guru Elite
Posts: 8,759
Registered: ‎09-08-2010

Re: How to add wildcard certificate into Aruba instant ?

So are you using an external RADIUS or are you terminating on the Instant cluster?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I
Posts: 7
Registered: ‎06-19-2014

Re: How to add wildcard certificate into Aruba instant ?

Hi cappalli,

Yes, I am using an external RADIUS (TACACS) for authentication and currently the certificate to the clients is coming from TACACS. I have not set up Aruba to terminate EAP at the moment.

Attached the screenshot of my config.

Guru Elite
Posts: 8,759
Registered: ‎09-08-2010

Re: How to add wildcard certificate into Aruba instant ?

OK, so you are using your TACACS server for user authentication on top of management authentication?

If the IAP is set to use your TACACS servers for authentication, this is where the EAP certificate will come from.

I guess the question is: What is your ideal setup?

Thanks


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I
Posts: 7
Registered: ‎06-19-2014

Re: How to add wildcard certificate into Aruba instant ?

My question is how to get rid of the warning message coming up on the client machine while connecting to wireless?

I have a self-signed cert coming from TACACS which comes up with the warning. I would like to not change the certificate on the TACACS server.

Is there anything I can do on Aruba so it can send the certificate to the clients? And maybe I could use a public wildcard cert on Aruba so clients don't get the popup warning?

Guru Elite
Posts: 8,759
Registered: ‎09-08-2010

Re: How to add wildcard certificate into Aruba instant ?

No, this is a normal part of the EAP authentication process. Unless you preconfigure all of your clients (manually, using group policy, or using a supplicant configuration utility like QuickConnect), the user will be presented with a message asking them if they trust the certificate.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
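
One way the client preconfiguration mentioned in the last reply can look on a Linux client running wpa_supplicant, as an added example that is not part of the original thread. The SSID, identity, certificate path and server name are placeholders, and PEAP with MSCHAPv2 is an assumed EAP method.

```conf
# Constructed wpa_supplicant.conf fragment. The SSID, identity, CA path and
# server name below are placeholders, not values taken from this thread.

# Weak form (left commented out): with no ca_cert, wpa_supplicant does not
# verify the authentication server's certificate, so the client will build
# the EAP tunnel with any server that answers for this SSID.
#network={
#    ssid="CorpWiFi"
#    key_mgmt=WPA-EAP
#    eap=PEAP
#    identity="user@example.com"
#    phase2="auth=MSCHAPV2"
#}

# Preconfigured form: the trust anchor and the expected server name are
# pinned before the first connection, so no trust decision is left to the
# user and a server presenting any other certificate is rejected.
network={
    ssid="CorpWiFi"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="user@example.com"
    # The user's credentials are supplied by the network manager or the
    # control interface and are deliberately not stored in this fragment.
    phase2="auth=MSCHAPV2"
    # CA that issued the authentication server's EAP certificate.
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"
    # Name the server certificate must carry (dNSName match on the suffix).
    domain_suffix_match="radius.example.com"
}
```
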