12-28-2015 05:32 PM
Sorry if this has been answered somewhere, I just couldn’t find it. It seems like a typical issue with BYOD.
Our secured WiFi authentication methods is EAP-TLS only. If a user’s BYOD wants to access the secured Network, she must be OnBoarded, accepted, and installed domain certificate chain. A typical OnBoarding process.
Problem: user already onboarded her laptop with her school, therefore another certificate resides in her personal certificate store. When she connects to my secured network, her laptop only presents her school certificate, thus fails the authentication.
Question: Can CPPM Ignore or skip the unknown certificate(s)? or at least check all certificates to find the match?
Solved! Go to Solution.
12-28-2015 05:34 PM
what is presented by the client.
Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
12-28-2015 05:39 PM
It all depends on the client;
In Windows you have "Use simple certificate selection" which could give the user a list of certificates that they can try, but again, only one can be selected and sent to the radius server. https://social.technet.microsoft.com/Forums/en-US/
On moble platforms, it is much more restricted where you have to setup a WLAN and a certificate that will be used for that WLAN at the same time. This all of course depends on the mobile platform. There is no single solution across all platforms that will deal with this. Better to onboard with unique username and password to sidestep that issue.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base
Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
12-29-2015 07:45 AM
Thank you both Tim and Colin for your responses. I am going to accept Colin's solution for now, at least it works for Windows. We will deal with MacBook at another time.
All the other devices can use guest as they only need to access to the Internet.
12-30-2015 06:59 AM
Tested and found it works in Windows 8 and 10:
When you click "Connect using a certificate" it will present a list of personal certificate for you to pick.