Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

What will happen when the AD server cert expires in an 802.1x PEAP environment?

This thread has been viewed 2 times

  • 1.  What will happen when the AD server cert expires in an 802.1x PEAP environment?

    Posted Jul 26, 2015 05:32 PM

    I have a 802.1x setup with NPS on AD.  It is currently using the domain server certificate.  We are using mobility controllers.  Everything is going fine so far, however I noticed that the server cert is set to expire in a little over a month.  What happens when it expires?  Are the end users going to lose connectivity?  Will the cert renew itselt?  Is this an issue every year for people?  What is the recommended way to handle certificate renewals?  It's a self-signed cert.  I'm very new to the realm of 802.1x so any other advice you can give me dealing with this is appreciated.  We are mostly Apple but plenty of windows devices and chomebooks as well.

     



  • 2.  RE: What will happen when the AD server cert expires in an 802.1x PEAP environment?

    EMPLOYEE
    Posted Jul 26, 2015 05:37 PM
    If the certificate is expired, clients should not send their credentials to the RADIUS server and will not continue with authentication.

    When the certificate is replaced, most clients will receive a popup asking them to verify the new certificate.

    Are you managing 802.1X through an MDM, group policy, etc?


    Thanks,
    Tim


  • 3.  RE: What will happen when the AD server cert expires in an 802.1x PEAP environment?

    Posted Jul 26, 2015 08:23 PM

    I pushed the wireless settings out via group policy for windows and the google apps management platform for the chromebooks, but no MDM for the macs