Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

radius and certificates

This thread has been viewed 0 times

  • 1.  radius and certificates

    Posted May 15, 2012 09:30 AM

    Hi ,

     

    I am implementing 802.1x for a ssid. 

    AD on one windows 2003 server ( Root CA ) and IAS on other machine.

    Now where do I need to install certificate ( I guess on IAS enabled machine) and which certificate (ROOT CA or I have to request a certificate from root CA for IAS enabled machine)??

     

    Also on Windows XP client I have to select Validate server certificate ?

    and which certification authority I have to check ? Do i need to install Root CA first on XP client then I will Get option for selecting my Certificate Authority ?

     



  • 2.  RE: radius and certificates

    EMPLOYEE
    Posted May 15, 2012 10:52 AM

    check the thread here:  http://community.arubanetworks.com/t5/Authentication-and-Access/Step-by-Step-How-to-Configure-Microsoft-IAS-Radius-Server-from/m-p/14391/highlight/true#M80

     

    You also might try searching for Windows 2003 in case you have any issues.



  • 3.  RE: radius and certificates

    Posted May 15, 2012 12:01 PM

    Thanks for your reply..

    I have implemented radius but need some clarity regarding the certificates part...what kind of certificate should be present on IAS enabled machine ?



  • 4.  RE: radius and certificates

    EMPLOYEE
    Posted May 15, 2012 07:00 PM

    Hi

     

    Your IAS server should have a Server Certificate, and clients should validate that the server certificate (presented by the IAS server) is signed by your CA.

     

    Regards



  • 5.  RE: radius and certificates

    Posted May 16, 2012 08:21 AM

    Hi,

     

    Now, I have AD and CA on one Windows 2003 server. (server 1)

     

    IAS enabled on second server . To obtain certificate for IAS enabled server , in Internet Explorer I have put  <server1 IP>/certsrv

    which certificate is to be installed >> there are two options 1. request a certificate  2. Download CA certificate >>> what to select ?

     

    Also on client laptop CA certificate is to be installed ?



  • 6.  RE: radius and certificates

    EMPLOYEE
    Posted May 16, 2012 08:22 AM

    1.  Request a Certificate.  Computer Certificate.

     

    2.  Client does not need one distrubuted in this manner.

     



  • 7.  RE: radius and certificates

    Posted May 16, 2012 08:32 AM

    thanks colin, 

     

    one last question,

    Following is XP client config Is it correct,

    TestCA is my Root CA and after installing on this XP Client I got the TestCA checkbox...is it required....or

    or we can just tick Validate Server Certificate box and leave 'Trusted Root CA 'unchecked...

     

     

     

    untitled.JPG



  • 8.  RE: radius and certificates

    EMPLOYEE
    Posted May 16, 2012 08:36 AM

    Not required, but it locks it down so that your client will only connect if the radius server it authenticates to has that CA certificate.