Security, WIDS/WIPS and Aruba ECS

Reply
Occasional Contributor I

CA Transition Steps?

Can anyone verify the steps I have outlined below or provide lessons learned from their experience doing the same? The purpose is to transition from a Verisign WLAN Server Certificate to a Comodo Instant SSL Certificate on a Microsoft IAS Radius Server for WAP-TKIP / PEAP-MS-CHAP v2 wireless authentication.

1) Install IIS on the IAS box and create the CSR from IIS.
2) When creating the CSR choose Microsoft RSA SChannel as the Cryptographic provider.
3) Provide the CSR to Comodo as part of the enrollment process.
4) When I get the certificate from Comodo, use the Certificate MMC snap-in on teh IAS box to import the certificate into Certificates – Current User / Personal / Certificates
5) In IAS go to each Remote Access Policy and find Authentication - EAP Methods – PEAP – Edit and choose the new certificate.
6) Test

Thanks
Guru Elite

Certificate Instructions


Can anyone verify the steps I have outlined below or provide lessons learned from their experience doing the same? The purpose is to transition from a Verisign WLAN Server Certificate to a Comodo Instant SSL Certificate on a Microsoft IAS Radius Server for WAP-TKIP / PEAP-MS-CHAP v2 wireless authentication.

1) Install IIS on the IAS box and create the CSR from IIS.
2) When creating the CSR choose Microsoft RSA SChannel as the Cryptographic provider.
3) Provide the CSR to Comodo as part of the enrollment process.
4) When I get the certificate from Comodo, use the Certificate MMC snap-in on teh IAS box to import the certificate into Certificates – Current User / Personal / Certificates
5) In IAS go to each Remote Access Policy and find Authentication - EAP Methods – PEAP – Edit and choose the new certificate.
6) Test

Thanks




Alex,

Parts 1,2 and 3 the Certificate Provider usually has explicit instructions on what do do. Here is Verisign's page, for example: https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR235 Parts 4 to 6 are correct. Step 0 on the other hand is to ensure that all your clients already trust the Comodo Root Cert, otherwise you are going to have to import that root cert onto them manually. If you have a domain, you can create a group policy that will install the root cert onto all of your clients. Then again, if you have your own domain, why not use your own CA......?


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I

Re: CA Transition Steps?

Comodo's Instant SSL Certificate works just fine. It was much simpler than I imagined to make the switch from Verisign to Comodo. All you do is create a CSR in IIS and after Comodo creates the Certificate, you import it using IIS. That's it. You are done. IAS automatically switches to the new Certificate. So steps 4 & 5 were replaced with the IIS import.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: