Security

Hi All,

We are performing EAP-TLS authetication.

Enterprise Active directory is going to issue certificates to domain computer and domain users and CPPM just authenticates.

We need clarification that do we need to upload any certificate on CPPM for EAP-TLS if the root CA is from AD.

Regards,

Nithin Kumar C V

---

@Nithin wrote:

Hi All,

 

We are performing EAP-TLS authetication.

 

Enterprise Active directory is going to issue certificates to domain computer and domain users and CPPM just authenticates.

 

We need clarification that do we need to upload any certificate on CPPM for EAP-TLS if the root CA is from AD.

 

 

Regards,

Nithin Kumar C V

---

You do need to upload the CA's root certificate to CPPM's trusted root authority to authenticate EAP-TLS users.  You will also have to issue CPPM a server certificate that your EAP-TLS clients trust.

You do need to upload the CA's root certificate to CPPM's trusted root authority to authenticate EAP-TLS users.

-------You mean to say that we have to import the Root CA to CPPM at Server certificate tab.

You will also have to issue CPPM a server certificate that your EAP-TLS clients trust.

------- how to do this ?

Do u have any document or screen shot.

Regards,

Nithin Kumar C V

The root cert (and entire trust chain ideally) should be in CPPM's trusted cert list.  That is found in the Adminitration area.

CPPM itself needs a server certificate issued BY YOUR CA.  This is so when the client authenticates, the server side of the trust is verified by the client as the same CA ultimately issued the cert.