11-09-2016 10:34 AM
I have another question around 802.1X access.
We have recently joined another company, they have a corprate wifi network as do we with similar authentication methods.There is already AD trust between the 2 company domians and all laptops are installed with machine certs trusted by the PKI from the respective company.
They require access to our environmnet and my thinking was that the easiest way would be to install another server certificate on CPPM but you can only install one on it. However, another question comes from this - is the server certificate actually used in the 802.1X process? If not do I just need to install the Intermediate and Root CA's that the other companies laptops have been issued from in the Trust List in CPPM and go from there.
11-09-2016 10:40 AM
You should get a consultant, is the best answer to this question.
All of your clients should trust the server certificate in ClearPass to be able to connect successfully. Alternatively, they can simply trust the CA that issued the server certificate.
The AD trust does not come into play with the certificate piece, depending. Unless that single instance of CPPM can today authenticate users of both domains, you might have to join CPPM to two domains specifically to authenticate usernames and passwords.
Those are just general things to look out for, but there might be many more depending on how you are setup and what resources your clients need to get to. Being that there are many details of your network that are unknown or that you cannot disclose here, you should engage a consultant who knows your network or TAC if you would like to try it yourself.
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base