09-23-2015 03:30 AM
I need to understand how I can configure my IAP infrastructure to implement TLS certificates.
The goal is "the client has to verify the server certificate" and "the server has to verify the client certificate"; for both certificates the CA is the same.
Can you help me?
09-23-2015 03:44 AM
As long as your clients have the Root CA in the trusted root store, you shouldn't have to worry, unless you are going to do termination on the IAP.
If my post is helpful please give kudos, or mark as solved if it answers your post.
ACCP, ACMP, ACMX #294
09-23-2015 04:04 AM
I have a ClearPass and various IAPs.
I need the client to have access only if it has AD credentials and a certificate signed by the customer CA on the device, and the client needs to verify that the server has a certificate issued by the same CA.
How can I implement it?
09-23-2015 04:40 AM
All the work will need to be on the client side and the ClearPass side.
Here is the minimum you need to have done:
- The IAP just needs to be set up with WPA2-Enterprise and point to ClearPass as the RADIUS server.
- The client needs a user certificate generated by a certificate authority (that CA can be the built-in onboard CA).
- ClearPass needs to have a service configured with the EAP-TLS authentication method AND have the CA certificate that issued the client certificate in its trusted CA store.
That is all you need. There is no AD tie-in required or needed. You can configure authorization on the EAP-TLS authentication method so that the username on the certificate is checked against AD to see whether the user account on the certificate still exists in AD, but that is optional. You should work on getting the minimum done, first.
Aruba Customer Engineering
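The answer above describes two independent checks: ClearPass (the RADIUS/EAP server) accepts a client only if its certificate chains to a CA in ClearPass' trusted CA store, and the client accepts the server only if the server certificate chains to a CA the client trusts. EAP-TLS carries an ordinary TLS handshake inside EAP, so the same two checks can be shown with a plain mutual TLS handshake. The program below is an added example written for this page, not code from the original thread or from Aruba or ClearPass; it uses only the Go standard library, runs over loopback, and all names in it (the CA names, "clearpass.example.com", the user names) are made up. It runs the intended deployment (one CA trusted by both sides) and then the two failure cases the original poster wants rejected: a client holding a certificate from a different CA, and a server doing so.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Added example, not Aruba or ClearPass code: a mutually authenticated TLS
// handshake with the checks EAP-TLS makes on each side. All names are made up.

func check(err error) { if err != nil { panic(err) } }

// mkCert issues a certificate for cn signed by ca, or a self-signed CA when ca
// is the zero value. Server leaves also get cn as a DNS SAN for name checking.
func mkCert(cn string, eku x509.ExtKeyUsage, ca tls.Certificate) tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	check(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{eku},
	}
	signer, signerKey := ca.Leaf, ca.PrivateKey
	switch {
	case signer == nil: // self-signed CA; no EKU restriction on what it issues
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage, tmpl.ExtKeyUsage = x509.KeyUsageCertSign, nil
		signer, signerKey = tmpl, key
	case eku == x509.ExtKeyUsageServerAuth: // the name the client will check
		tmpl.DNSNames = []string{cn}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	check(err)
	leaf, err := x509.ParseCertificate(der)
	check(err)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// mutualHandshake runs one TLS handshake over loopback. The server (standing in
// for ClearPass) requires a client certificate that chains to trust; the client
// (the supplicant) accepts only a server certificate that chains to trust and
// is valid for serverName. It returns nil only when both sides accept each other.
func mutualHandshake(trust *x509.CertPool, serverCert, clientCert tls.Certificate, serverName string) error {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	check(err)
	defer ln.Close()
	srvResult := make(chan error, 1)
	go func() {
		raw, err := ln.Accept()
		if err != nil { srvResult <- err; return }
		srv := tls.Server(raw, &tls.Config{
			Certificates: []tls.Certificate{serverCert},
			ClientAuth:   tls.RequireAndVerifyClientCert, // server verifies client
			ClientCAs:    trust,                          // ClearPass' trusted CA store
		})
		defer srv.Close()
		srvResult <- srv.Handshake()
	}()
	raw, err := net.Dial("tcp", ln.Addr().String())
	check(err)
	cli := tls.Client(raw, &tls.Config{
		Certificates: []tls.Certificate{clientCert},
		RootCAs:      trust, // client verifies server against the same CA
		ServerName:   serverName,
	})
	cliErr := cli.Handshake()
	cli.Close()
	if cliErr != nil {
		return fmt.Errorf("client rejected server: %w", cliErr)
	}
	if err := <-srvResult; err != nil {
		return fmt.Errorf("server rejected client: %w", err)
	}
	return nil
}

// Scenarios runs the intended setup (one CA trusted by both sides), then a
// client and a server each presenting a certificate issued by a different CA.
func Scenarios() (sameCA, rogueClient, rogueServer error) {
	ca := mkCert("Customer CA", 0, tls.Certificate{})
	other := mkCert("Some Other CA", 0, tls.Certificate{})
	trust := x509.NewCertPool()
	trust.AddCert(ca.Leaf)
	const name = "clearpass.example.com"
	server := mkCert(name, x509.ExtKeyUsageServerAuth, ca)
	client := mkCert("alice", x509.ExtKeyUsageClientAuth, ca)
	sameCA = mutualHandshake(trust, server, client, name)
	rogueClient = mutualHandshake(trust, server, mkCert("mallory", x509.ExtKeyUsageClientAuth, other), name)
	rogueServer = mutualHandshake(trust, mkCert(name, x509.ExtKeyUsageServerAuth, other), client, name)
	return
}
```

Scenarios() is the entry point; call it from a small main or a test. The first result is nil and the other two carry "certificate signed by unknown authority" errors, because neither side has the other CA in its trust pool. Note that the server's check happens after the client has finished its side of a TLS 1.3 handshake, which is why the server's verdict is collected separately from the client's; in the real deployment that verdict is what ClearPass turns into an Access-Reject.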