Security

Reply
Contributor I
Posts: 21
Registered: ‎02-26-2016

Changing RADIUS Certificate on Clearpass - Device Authentication

I need to change the RADIUS certificate in clearpass. I am using the ClearPass RADIUS server for a few purposes - Device Authentication as well as EAP-TLS Authentication.

 

 

I know that EAP-TLS clients check this certificate and will prompt the user if the certitifcate is not trusted. I can solve this by deploying the new certificate to all clients.

 

What I'm not sure about however is if Devices using RADIUS for authentication will stop functioning if the certificate is changed. Do devices check the RADIUS certificate?

 

Thanks,

Guru Elite
Posts: 20,573
Registered: ‎03-29-2007

Re: Changing RADIUS Certificate on Clearpass - Device Authentication

Many devices require the user to click on "Accept" when the radius server certificate is changed.  On windows devices you can push the Radius Server's Certificate to the trust list ahead of time using group policy.  With other platforms, it will stop communicating until the user clicks on "Accept"..



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Contributor I
Posts: 21
Registered: ‎02-26-2016

Re: Changing RADIUS Certificate on Clearpass - Device Authentication

Ah sorry I wasn't super clear - I have networking equipment authentication happening via RADIUS. For example routers and switches.

 

Do these devices check the RADIUS certificate? How can I tell?

 

I'm leaning towards no, as access tracker shows these as type PAP.

Guru Elite
Posts: 20,573
Registered: ‎03-29-2007

Re: Changing RADIUS Certificate on Clearpass - Device Authentication

PAP does not use a server certificate.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: