Security

Reply
Frequent Contributor II
Posts: 106
Registered: ‎01-01-2012

radius and certificates

Hi ,

 

I am implementing 802.1x for a ssid. 

AD on one windows 2003 server ( Root CA ) and IAS on other machine.

Now where do I need to install certificate ( I guess on IAS enabled machine) and which certificate (ROOT CA or I have to request a certificate from root CA for IAS enabled machine)??

 

Also on Windows XP client I have to select Validate server certificate ?

and which certification authority I have to check ? Do i need to install Root CA first on XP client then I will Get option for selecting my Certificate Authority ?

 

Guru Elite
Posts: 19,945
Registered: ‎03-29-2007

Re: radius and certificates

check the thread here:  http://community.arubanetworks.com/t5/Authentication-and-Access/Step-by-Step-How-to-Configure-Microsoft-IAS-Radius-Server-from/m-p/14391/highlight/true#M80

 

You also might try searching for Windows 2003 in case you have any issues.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Frequent Contributor II
Posts: 106
Registered: ‎01-01-2012

Re: radius and certificates

Thanks for your reply..

I have implemented radius but need some clarity regarding the certificates part...what kind of certificate should be present on IAS enabled machine ?

Moderator
Posts: 862
Registered: ‎07-29-2010

Re: radius and certificates

Hi

 

Your IAS server should have a Server Certificate, and clients should validate that the server certificate (presented by the IAS server) is signed by your CA.

 

Regards

Samuel Pérez
ACMP, ACCP, ACDX#100

---

If I answerd your question, please click on "Accept as Solution".
If you find this post useful, give me kudos for it ;)
Frequent Contributor II
Posts: 106
Registered: ‎01-01-2012

Re: radius and certificates

Hi,

 

Now, I have AD and CA on one Windows 2003 server. (server 1)

 

IAS enabled on second server . To obtain certificate for IAS enabled server , in Internet Explorer I have put  <server1 IP>/certsrv

which certificate is to be installed >> there are two options 1. request a certificate  2. Download CA certificate >>> what to select ?

 

Also on client laptop CA certificate is to be installed ?

Guru Elite
Posts: 19,945
Registered: ‎03-29-2007

Re: radius and certificates

1.  Request a Certificate.  Computer Certificate.

 

2.  Client does not need one distrubuted in this manner.

 

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Frequent Contributor II
Posts: 106
Registered: ‎01-01-2012

Re: radius and certificates

thanks colin, 

 

one last question,

Following is XP client config Is it correct,

TestCA is my Root CA and after installing on this XP Client I got the TestCA checkbox...is it required....or

or we can just tick Validate Server Certificate box and leave 'Trusted Root CA 'unchecked...

 

 

 

untitled.JPG

Guru Elite
Posts: 19,945
Registered: ‎03-29-2007

Re: radius and certificates

Not required, but it locks it down so that your client will only connect if the radius server it authenticates to has that CA certificate.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Search Airheads
Showing results for 
Search instead for 
Did you mean: