Occasional Contributor II
Posts: 22
Registered: ‎03-14-2014

mac osx key chain

Current environment has NPS server and Cisco WLC. Installed Aruba 7200 controllers and ClearPass. Installed a RADIUS certificate from the same Windows CA server that signed the certificate for NPS. Users on the old Cisco / NPS environment with OSX don't get prompted to trust the NPS server certificate. When testing dot1x on the new Aruba / ClearPass environment, users get prompted to trust the ClearPass certificate even though both NPS/ClearPass certs were signed by the same root CA. I am not a Mac person! Any ideas?

ACMX #252, ACCP, AWMP, CCNP Wireless & Security
Guru Elite
Posts: 8,052
Registered: ‎09-08-2010

Re: mac osx key chain

If the cert has a new thumbprint and/or common name, users will be prompted to accept.


Thanks,
Tim

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 22
Registered: ‎03-14-2014

Re: mac osx key chain

Ok, but they are being prompted each time they connect.

ACMX #252, ACCP, AWMP, CCNP Wireless & Security
Guru Elite
Posts: 8,052
Registered: ‎09-08-2010

Re: mac osx key chain

Were the clients preconfigured or did the users connect on their own?


Thanks,
Tim

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 22
Registered: ‎03-14-2014

Re: mac osx key chain

So we duplicated the settings from the WLC on the Aruba solution, and on the Windows side everything is so matched up that we didn't even need to change the GPO pushing the WiFi settings to the Windows computer, so I can safely say the setting must be pretty good. On the Mac side we tried taking an existing machine to a part of the building that doesn't have the Cisco and only the Aruba, and we get the error to trust the cert. We also get the error when we delete the profile and recreate it. It seems that the Mac is not living up to the "always trust this certificate" setting when checked.

ACMX #252, ACCP, AWMP, CCNP Wireless & Security
Guru Elite
Posts: 8,052
Registered: ‎09-08-2010

Re: mac osx key chain

But after duplicating the settings, you were still pointing at ClearPass with a new cert, correct?

Do you by chance have termination enabled in the 802.1X profile?

In ClearPass Access Tracker, is there an alerts tab for the authentication request?


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP