Security

Reply
Regular Contributor II
Posts: 242
Registered: ‎09-11-2013

Onboarding in a global cluster?

Hi Forum,

 

To simplify it (for myself of course), I have 3 CP 5k (one in each global region) with a publisher in the US. I configured onboarding and it is working fine. My question is:

Under Onboard>>Configuration>>Network Settings>>edit>>trust tab>>Configure trust:

If I set it to manually configure certificate trust settings, which CP's cert should I add here(from the dropdown)? I understand this cert will be installed on enduser root certs store.

Should it be the publisher's cert or should I add all 4 CP's here? if so, what should I do if I have 10 CPs instead of 4!!

 

Thanks in advance.

Guru Elite
Posts: 8,633
Registered: ‎09-08-2010

Re: Onboarding in a global cluster?

It's recommended to use a single RADIUS/EAP server certificate in a cluster. Is that the case in your environment?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Regular Contributor II
Posts: 242
Registered: ‎09-11-2013

Re: Onboarding in a global cluster?

Thanks for the response Tim!

Each node has it's own Radius cert issued by the root CA (MS PKI).

Guru Elite
Posts: 8,633
Registered: ‎09-08-2010

Re: Onboarding in a global cluster?

You should use the auto trust config then.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Regular Contributor II
Posts: 242
Registered: ‎09-11-2013

Re: Onboarding in a global cluster?

I've noticed with auto trust, iOS devices fail to install the profile.
Guru Elite
Posts: 8,633
Registered: ‎09-08-2010

Re: Onboarding in a global cluster?

Did you do step 1 during onboarding which installs your root CA?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: