Security

Reply
Occasional Contributor I
Posts: 6
Registered: ‎05-06-2009

What will happen when the AD server cert expires in an 802.1x PEAP environment?

I have a 802.1x setup with NPS on AD.  It is currently using the domain server certificate.  We are using mobility controllers.  Everything is going fine so far, however I noticed that the server cert is set to expire in a little over a month.  What happens when it expires?  Are the end users going to lose connectivity?  Will the cert renew itselt?  Is this an issue every year for people?  What is the recommended way to handle certificate renewals?  It's a self-signed cert.  I'm very new to the realm of 802.1x so any other advice you can give me dealing with this is appreciated.  We are mostly Apple but plenty of windows devices and chomebooks as well.

 

Guru Elite
Posts: 8,007
Registered: ‎09-08-2010

Re: What will happen when the AD server cert expires in an 802.1x PEAP environment?

If the certificate is expired, clients should not send their credentials to the RADIUS server and will not continue with authentication.

When the certificate is replaced, most clients will receive a popup asking them to verify the new certificate.

Are you managing 802.1X through an MDM, group policy, etc?


Thanks,
Tim

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor I
Posts: 6
Registered: ‎05-06-2009

Re: What will happen when the AD server cert expires in an 802.1x PEAP environment?

I pushed the wireless settings out via group policy for windows and the google apps management platform for the chromebooks, but no MDM for the macs

Search Airheads
Showing results for 
Search instead for 
Did you mean: