- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
06-02-2015 03:50 PM
Does anyone have the details for what settings I need when requesting a certificate from our enterprise CA. The Radius setup on the 7010 and Windows Server 2008 are very different than our 200 controller. Any help would be appreciated. Our new setup is an Aruba 7010 with 204 APs.
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: Need details for what settings I need when requesting a certificate from our enterprise CA
Re: Need details for what settings I need when requesting a certificate from our enterprise CA
06-02-2015 06:28 PM
Are you questioning the certificate requirements for the controller or your RADIUS server? If the controller, will the certificate be for HTTPS or EAP termination (or both)?
Systems Engineer, Northeast USA
AMFX | ACCX | ACDX | ACMX
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: Need details for what settings I need when requesting a certificate from our enterprise CA
Re: Need details for what settings I need when requesting a certificate from our enterprise CA
06-02-2015 06:36 PM
RADIUS
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
06-02-2015 06:46 PM
The certificate requirements for NPS (Server 2008) as a RADIUS server are covered in the following Microsoft TechNet document. If you have an Enterprise CA (Windows-based), you can usually use the RAS and IAS server template or any other template with the Server Authentication EKU.
https://technet.microsoft.com/en-us/library/cc731363%28v=ws.10%29.aspx
Also, I suggest you do not request this certificate with a wildcard CN.
Systems Engineer, Northeast USA
AMFX | ACCX | ACDX | ACMX
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: Need details for what settings I need when requesting a certificate from our enterprise CA
Re: Need details for what settings I need when requesting a certificate from our enterprise CA
06-02-2015 07:03 PM
I dont need certs for all the connecting computers do I?
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: Need details for what settings I need when requesting a certificate from our enterprise CA
Re: Need details for what settings I need when requesting a certificate from our enterprise CA
06-02-2015 08:45 PM
You only need client certificates if you are using EAP-TLS. If you use PEAP-MSCHAPv2; it is username/password combination; but the RADIUS server still needs a certificate which the clients can validate/trust. The TechNet link I included above has a minimum server requirement and minimum client requirement section; if not using client certificates; you can ingnore the minimum client requirements section.
The following summarizes some of the PEAP-MSCHAPv2 requirements.
https://technet.microsoft.com/en-us/library/cc754179(v=ws.10).aspx
Systems Engineer, Northeast USA
AMFX | ACCX | ACDX | ACMX
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator
Re: Need details for what settings I need when requesting a certificate from our enterprise CA
Re: Need details for what settings I need when requesting a certificate from our enterprise CA
06-02-2015 09:06 PM
I hope this gets me strightend out.
Thanks
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Alert a Moderator