Security

last person joined: 23 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

RADIUS certificate 'not verified'

This thread has been viewed 1 times

  • 1.  RADIUS certificate 'not verified'

    Posted Sep 03, 2014 10:19 AM

    We're using Clearpass to authenticate access requests to our wireless networks which are provided from Aruba controllers.  Although we've installed a RADIUS certificate from a public CA (GoDaddy), iOS devices still state that the CA isn't verified and prompts users to accept.

     

    I've tried (to no avail):

     

    Use a certificate from a different public CA (DigiCert)

    Confirmed that the root certificate is included in the iOS root store

    Combined intermediate and server certificate

     

    I have read that this behaviour is expected on iOS devices, but I find it hard to believe that this is the case given the number of non-managed iOS devices that must require seemless authentication.

     

    Any input on this would be much appreciated...



  • 2.  RE: RADIUS certificate 'not verified'
    Best Answer

    EMPLOYEE
    Posted Sep 03, 2014 10:20 AM

    There are many posts on this topic.

     

    This is a normal part of the EAP-PEAP/EAP-TTLS/EAP-TLS process. It has NOTHING to do with whether the certificate is signed by a public CA. It is asking if you trust this "server" (common name in the cert) to send your credentials to, for the connection to this network (SSID).

     

    Therefore, if you have two SSIDs that use different certs signed by the same CA, you will still receive the prompt the first time you connect to each network.

     

    You will see this the first time you connect, across all platforms unless the device is pre-configured (Profile push, MDM, Group Policy, QuickConnect, Onboard, etc)