Controllerless Networks

New Contributor

Using CA Issued Certificate with Aruba Instant RADIUS Server

I've been reading other community posts and using advice from Joseph and Tim, but I can't quite seem to achieve my goal of using the internal RADIUS server on a single RAP-109 along with a CA issued certificate so that my clients don't receive the untrusted security message (iOS) or the Windows security alert (Windows 7 workgroup machine screenshot attached) upon connecting to the WPA-2 Enterprise secured network.

Must you always pre-install a certificate (either manually or Group Policy, etc.) on all your clients before connecting them to an 802.1X network in order to avoid these alerts, or is it possible to somehow use the default root CAs in the OS or device trust store to verify the IAP's certificate?

Guru Elite

Re: Using CA Issued Certificate with Aruba Instant RADIUS Server

All unconfigured clients will receive a certificate trust message the first time they connect.

Sent from Nine

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite

Re: Using CA Issued Certificate with Aruba Instant RADIUS Server

To avoid it completely in Windows, you would push the CA certificate to your client's trusted store. Also remember that sometimes you need to also push the intermediate/subordinate CA certificates (the full chain) to your client so that they trust the issued certificate. Unless the client has the full chain (the subordinate and the CA certificate) in its store, it will not trust the CA that issued the Server Certificate. The majority of CA certificates are intermediate and require the CA cert and the CA intermediate certificate. Just because a server certificate is issued by Comodo and your client trusts a certificate by Comodo, does not mean it is the same CA certificate. You need to compare the certificates to make sure they are the same and if they are not, make sure you push the CA and the subordinate/intermediate certificate to your client's Trusted CA store via GPO.


Colin Joseph
Aruba Customer Engineering
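
The comparison described in the reply above can be scripted on a Windows client. This is an added example, not part of the original thread and not Aruba tooling; the two `.cer` file names are hypothetical and stand for the CA certificates delivered with the RADIUS server certificate.

```powershell
# Added example: check whether the exact CA certificates that issued the
# RADIUS server certificate are already in this client's machine stores.
# The file names below are hypothetical placeholders.
$chainFiles = @('.\intermediate-ca.cer', '.\root-ca.cer')

foreach ($file in $chainFiles) {
    $path = (Resolve-Path $file).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $path

    # A self-signed certificate (subject equals issuer) is a root and belongs in
    # Trusted Root Certification Authorities; anything else is an intermediate.
    $isRoot = $cert.Subject -eq $cert.Issuer
    $store  = if ($isRoot) { 'Cert:\LocalMachine\Root' } else { 'Cert:\LocalMachine\CA' }

    $installed = Get-ChildItem -Path $store

    # Exact match: same certificate, identified by thumbprint.
    $exact = $installed | Where-Object { $_.Thumbprint -eq $cert.Thumbprint }

    # Same subject name but a different thumbprint: the client trusts *a*
    # certificate from this CA, but not the one that issued the server certificate.
    $sameName = $installed | Where-Object {
        $_.Subject -eq $cert.Subject -and $_.Thumbprint -ne $cert.Thumbprint
    }

    $status = if ($exact) { 'Present' }
              elseif ($sameName) { 'SameNameDifferentCert' }
              else { 'Missing' }

    [pscustomobject]@{
        File       = $file
        Subject    = $cert.Subject
        Store      = $store
        Thumbprint = $cert.Thumbprint
        Status     = $status
    }
}
```

Any row reported as `Missing` or `SameNameDifferentCert` is a certificate that would need to be pushed to the client, for example via GPO as the reply describes.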
