Security

Reply
Frequent Contributor I
Posts: 72
Registered: ‎09-19-2011

Certificate on CPPM

Hi All,

 

We are performing EAP-TLS authetication.

 

Enterprise Active directory is going to issue certificates to domain computer and domain users and CPPM just authenticates.

 

We need clarification that do we need to upload any certificate on CPPM for EAP-TLS if the root CA is from AD.

 

 

Regards,

Nithin Kumar C V

Guru Elite
Posts: 20,572
Registered: ‎03-29-2007

Re: Certificate on CPPM

[ Edited ]

Nithin wrote:

Hi All,

 

We are performing EAP-TLS authetication.

 

Enterprise Active directory is going to issue certificates to domain computer and domain users and CPPM just authenticates.

 

We need clarification that do we need to upload any certificate on CPPM for EAP-TLS if the root CA is from AD.

 

 

Regards,

Nithin Kumar C V


You do need to upload the CA's root certificate to CPPM's trusted root authority to authenticate EAP-TLS users.  You will also have to issue CPPM a server certificate that your EAP-TLS clients trust.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 72
Registered: ‎09-19-2011

Re: Certificate on CPPM


You do need to upload the CA's root certificate to CPPM's trusted root authority to authenticate EAP-TLS users.

 

-------You mean to say that we have to import the Root CA to CPPM at Server certificate tab.

 

You will also have to issue CPPM a server certificate that your EAP-TLS clients trust.

 

------- how to do this ?

 


Do u have any document or screen shot.

 

Regards,


Nithin Kumar C V

Aruba
Posts: 1,368
Registered: ‎12-12-2011

Re: Certificate on CPPM

The root cert (and entire trust chain ideally) should be in CPPM's trusted cert list.  That is found in the Adminitration area.

 

CPPM itself needs a server certificate issued BY YOUR CA.  This is so when the client authenticates, the server side of the trust is verified by the client as the same CA ultimately issued the cert.

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Search Airheads
Showing results for 
Search instead for 
Did you mean: