Security

Reply
Occasional Contributor I

Make wlan controller to handle peap-eap auth/certificates

Hi All,

 

We have been stuck in an issue regarding certificates from a win2008 radius server. In order to make our eap-peap authentication to work we have to install the winserver's certificate in each user's pc. Is there a way to have the controller to handle this task instead of install the certificate in all computers?

 

My controller's model is 3400 with version 6.4.2.17

 

regards!

 

 

Guru Elite

Re: Make wlan controller to handle peap-eap auth/certificates

How are your user's supplicants being configured? Are they managed using a GPO/EMM solution?

 

Is your certificate public or privately signed?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I

Re: Make wlan controller to handle peap-eap auth/certificates

it is a private cert generated by auto in the server. and as supplicant we are not using a specific one (I believe the one we have windows as default) , we just propagate the SSID without termination setting.

 so far I can see we have the CSR generated in the certification option.

 

 

 

 

Guru Elite

Re: Make wlan controller to handle peap-eap auth/certificates

If you don't want to add the certificate manually, you'll need to get a public CA-signed EAP server certificate.

 

Please keep in mind that using PEAPv0/EAP-MSCHAPv2 with unconfigured clients puts your user's credentials in jeopardy as this EAP method is highly susceptible to man-in-the-middle attacks with unconfigured clients.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: