Controllerless Networks

Reply
Occasional Contributor I
Posts: 6
Registered: ‎05-21-2015

Need details for what settings I need when requesting a certificate from our enterprise CA

Does anyone have the details for what settings I need when requesting a certificate from our enterprise CA. The Radius setup on the 7010 and Windows Server 2008 are very different than our 200 controller. Any help would be appreciated. Our new setup is an Aruba 7010 with 204 APs.

Aruba
Posts: 1,644
Registered: ‎04-13-2009

Re: Need details for what settings I need when requesting a certificate from our enterprise CA

Are you questioning the certificate requirements for the controller or your RADIUS server?   If the controller, will the certificate be for HTTPS or EAP termination (or both)?

 

 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Occasional Contributor I
Posts: 6
Registered: ‎05-21-2015

Re: Need details for what settings I need when requesting a certificate from our enterprise CA

RADIUS

Aruba
Posts: 1,644
Registered: ‎04-13-2009

Re: Need details for what settings I need when requesting a certificate from our enterprise CA

The certificate requirements for NPS (Server 2008) as a RADIUS server are covered in the following Microsoft TechNet document.      If you have an Enterprise CA (Windows-based), you can usually use the RAS and IAS server template or any other template with the Server Authentication EKU.

 

https://technet.microsoft.com/en-us/library/cc731363%28v=ws.10%29.aspx

 

Also, I suggest you do not request this certificate with a wildcard CN.

 

 

 

 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Occasional Contributor I
Posts: 6
Registered: ‎05-21-2015

Re: Need details for what settings I need when requesting a certificate from our enterprise CA

I dont need certs for all the connecting computers do I?

 

Aruba
Posts: 1,644
Registered: ‎04-13-2009

Re: Need details for what settings I need when requesting a certificate from our enterprise CA

You only need client certificates if you are using EAP-TLS.  If you use PEAP-MSCHAPv2; it is username/password combination; but the RADIUS server still needs a certificate which the clients can validate/trust.  The TechNet link I included above has a minimum server requirement and minimum client requirement section; if not using client certificates; you can ingnore the minimum client requirements section.

 

The following summarizes some of the PEAP-MSCHAPv2 requirements.

https://technet.microsoft.com/en-us/library/cc754179(v=ws.10).aspx

 

------------------------------------------------
Systems Engineer, Northeast USA
ACCX | ACDX | ACMX

Occasional Contributor I
Posts: 6
Registered: ‎05-21-2015

Re: Need details for what settings I need when requesting a certificate from our enterprise CA

I hope this gets me strightend out.

 

Thanks

Search Airheads
Showing results for 
Search instead for 
Did you mean: