03-25-2014 02:03 PM
We have set up an SSID with 802.1x EAP which supports "PEAP" and "smart card or other certificate" authentication modes. Users log in using their domain credentials. What we want to achieve is this:
We have a couple of machines which we want to connect, but without entering user credentials. We want to use a certificate from our internal CA to authenticate the client on the SSID. What is the correct way of doing it?
Is there any way (or any other post on this forum) which highlights how we can get the certificate from our CA to enroll the machine manually? Systems on the domain are already enrolled obviously, but the systems we want to connect will be like kiosk machines and are not on the domain.
Thanks in anticipation.
03-25-2014 05:20 PM
You should look on Microsoft's forum to do this. Most people stick with WPA2 and PEAP because issuing, distributing, and revoking certificates is so time and labor intensive. In addition, you then have to make sure what certificate is assigned to whom and then have someone who has the skills in your company maintain and revoke their certificate. It is hard enough keeping track of accounts in Active Directory, but it is much harder to keep track of EAP-TLS certificates for non-domain users, because you do not have control over their devices.
ClearPass Onboard simplifies distributing, issuing, revoking and tying an EAP-TLS certificate to a user account for non-domain devices. If you do not have something like ClearPass Onboard, you are looking at a great deal of management overhead...
Aruba Customer Engineering
02-08-2017 08:52 PM
Customer has their own CA. We want to identify the device based on a certificate issued by their own CA, and the user will also be identified using corporate AD.
This machine certificate will be installed manually on non-domain/workgroup customer-owned devices.