Security, WIDS/WIPS and Aruba ECS

Reply
Occasional Contributor I
Posts: 7
Registered: ‎05-14-2010

Comodo UC Certificate?

Has anyone used the Comodo UC Certificate? I am trying to make sure I buy something that works with IAS and Aruba. I have 3 IAS Radius Servers and the Comodo UC Certificate supports 3 Domains. If this works it would cost me 25% of what I pay Verisign for 3 Certs.
Thanks
Guru Elite
Posts: 21,522
Registered: ‎03-29-2007

Certificate

Alex,

The certificate, if you are applying it to your radius server only has to be trusted by your laptop clients, to work. The "authenticator" or Aruba Controller in this situation, is Not involved when you are doing PEAP on your radius server.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 100
Registered: ‎11-07-2008

Re: Comodo UC Certificate?

We have an enterprise account through Comodo. I was going to try it this summer and see if it works. We have been using a Verisign WLAN cert for a few years, but they are costly and now we have an enterprise account so we've prepaid for all our certs. I'll let you know how it goes.
Guru Elite
Posts: 21,522
Registered: ‎03-29-2007

Not advertising

I'm not advertising for the site, but www.rapidssl.com has a number of certs from known trusted authorities like geotrust for what seems like less money. I'm sure that there are more sites like this.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor I
Posts: 7
Registered: ‎05-14-2010

Instant SSL Certificate

Comodo's Instant SSL Certificate works just fine. It was much simpler than I imagined to make the switch from Verisign to Comodo. All you do is create a CSR in IIS and after Comodo creates the Certificate, you import it using IIS. That's it. You are done. IAS automatically switches to the new Certificate.
New Contributor
Posts: 4
Registered: ‎09-10-2009

certs on controller?

Don't mean to hijack, but figured I'd toss more cert discussion here.
We acquired a 30 day free cert from rapidssl, and put it on the controller (termination enabled). But windows 7 shows the security alert that "Equifax Secure Certificate Authority is not configured as a valid trust anchor for this profile".
additionally, a Mac shows "The server certificate is not trusted because there are no explicit trust settings".

Both OSs "admit" that it is indeed a valid cert. (name, expiration, etc.. are all ok).

So does this mean that rapidssl's root CA is not preloaded into Macs and Windows boxes? I'm still waiting for the free cert from comodo, to see if that one works without all these warning messages.
Guru Elite
Posts: 21,522
Registered: ‎03-29-2007

Rapid SSL


Don't mean to hijack, but figured I'd toss more cert discussion here.
We acquired a 30 day free cert from rapidssl, and put it on the controller (termination enabled). But windows 7 shows the security alert that "Equifax Secure Certificate Authority is not configured as a valid trust anchor for this profile".
additionally, a Mac shows "The server certificate is not trusted because there are no explicit trust settings".

Both OSs "admit" that it is indeed a valid cert. (name, expiration, etc.. are all ok).

So does this mean that rapidssl's root CA is not preloaded into Macs and Windows boxes? I'm still waiting for the free cert from comodo, to see if that one works without all these warning messages.




Rapidssl sells a number of certificates, like Geotrust. Attached is a document that I obtained recently (thanks to that engineer in the south) that says a few public certificates that appear by default in windows. Hopefully that helps.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor
Posts: 4
Registered: ‎09-10-2009

certs..

thanks, I already checked that list though. RapidSSL/FreeSSL isnt really listed, but Equifax is (as Verisign's Root CA).

The 30 day cert from RapidSSL/FreeSSL works perfectly fine for the webgui, without any warnings/popups, but not for PEAP/EAP/dot1x. So I am wondering what the deal is, and looking for someone who has a "known to work" one. The Comodo one seems to not be going through, still pending. GoDaddy only wants $25/yr for a cert, so I might just pay for that out of my own pocket to test it.
The main issue is that each company offers about 5 (or more) levels of certs, and even that list doesnt say if windows will like whatever flavor as an EAP cert.
Occasional Contributor II
Posts: 100
Registered: ‎11-07-2008

Re: Comodo UC Certificate?

I heard from another university that we work closely with, the GoDaddy cert will work, but you will still get warnings.
Guru Elite
Posts: 21,522
Registered: ‎03-29-2007

Thumbprint


thanks, I already checked that list though. RapidSSL/FreeSSL isnt really listed, but Equifax is (as Verisign's Root CA).

The 30 day cert from RapidSSL/FreeSSL works perfectly fine for the webgui, without any warnings/popups, but not for PEAP/EAP/dot1x. So I am wondering what the deal is, and looking for someone who has a "known to work" one. The Comodo one seems to not be going through, still pending. GoDaddy only wants $25/yr for a cert, so I might just pay for that out of my own pocket to test it.
The main issue is that each company offers about 5 (or more) levels of certs, and even that list doesnt say if windows will like whatever flavor as an EAP cert.




The thumbprint on the CA certificate is what counts. From what I have seen, even if you have the cert in there, the first time it always asks you to trust it. I could be wrong.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base