Security, WIDS/WIPS and Aruba ECS

Reply
Occasional Contributor II
Posts: 37
Registered: ‎05-25-2011

Trust CA Root

We are looking to streamline access to our SSID and currently having an issue where the CA Root (currently using the default cert on the controller) is not a trusted authority. I know all we have to do is get the authority checked in the setting, but we don't want to have to touch every device to do so. What are some alternative methods that we can use? Thanks.
Guru Elite
Posts: 20,761
Registered: ‎03-29-2007

Re: Trust CA Root

You can purchase your own SSL certificate that is trusted by all of your clients and import that into your controller, is the correct answer. You can also use group policy so that your clients trust the built-in CA, but that is a very, very insecure workaround.


Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

MVP
Posts: 951
Registered: ‎04-13-2009

Re: Trust CA Root

If you have a windows environment you could install certificate services and Internet Authentication Service (on 2003 or Network Policy Server on 2008) and use 802.1x authentication for your SSID.

I've got a document detailing how to set up the windows side of things that I'm happy to share if you'd like.
Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Aruba Employee
Posts: 571
Registered: ‎04-17-2009

Re: Trust CA Root


If you have a windows environment you could install certificate services and Internet Authentication Service (on 2003 or Network Policy Server on 2008) and use 802.1x authentication for your SSID.

I've got a document detailing how to set up the windows side of things that I'm happy to share if you'd like.




I'm running into a bit of an issue with this too. Could you PM me the doc you are speaking of? No matter what I do, the cert still comes up as "Unverified." We are using a valid Verisign WLAN cert.

According to Jon Green at Airheads Dallas, if it comes up as "Unverified" then we are doing something wrong. But it looks like a few of the major universities are telling people to just click OK.

That scares me. That's a major security risk.

Thanks,
Zach
Thanks,

Zach Jennings
MVP
Posts: 951
Registered: ‎04-13-2009

Re: Trust CA Root

Is this issue regarding your guest SSID or your corporate one?

I don't want to give you something without getting more info as if it's not helpful for your scenario then it will just confuse.
Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Aruba Employee
Posts: 571
Registered: ‎04-17-2009

Re: Trust CA Root


Is this issue regarding your guest SSID or your corporate one?

I don't want to give you something without getting more info as if it's not helpful for your scenario then it will just confuse.




Corporate one, encrypted for students and staff. But the majority of the computers will not be on the domain (so no way to push out the cert using Group Policy).

Thanks,
Zach
Thanks,

Zach Jennings
MVP
Posts: 951
Registered: ‎04-13-2009

Re: Trust CA Root

OK in that case it won't be applicable.

I'd recommend that you have a read of the "Managing Certificates" section of the OS user guide then create a new thread if you're still having issues. Make sure your new thread (if you make one) contains as much information about the issue as possible. Include screenshot if you think it'll help.
Cheers
James

-------------------------------------------------------
-------------------@whereisjrw-------------------
------------------------blog-------------------------
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
-------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Aruba Employee
Posts: 571
Registered: ‎04-17-2009

Re: Trust CA Root


OK in that case it won't be applicable.

I'd recommend that you have a read of the "Managing Certificates" section of the OS user guide then create a new thread if you're still having issues. Make sure your new thread (if you make one) contains as much information about the issue as possible. Include screenshot if you think it'll help.




Will do. Thanks!

Zach
Thanks,

Zach Jennings
Search Airheads
Showing results for 
Search instead for 
Did you mean: