New Contributor
Posts: 2
Registered: ‎06-19-2013

Certificate problem

I am running into a problem trying to join a wireless network using EAP-TLS. I have my own CA (openssl) that I have signed certs with. I have an original cert and one that was created about a year later with the same process, both signed by the same CA. When I load the original cert along with the CA cert onto an iPad I can connect. When I load the new cert with the CA cert I get an "unable to join the network" error.

I am not running a RADIUS server to the best of my knowledge. I was looking through the debug logs and it looks like everything is the same between the device authentication with the different certs up until the point that it gives an IP address. The new cert gives the device a 0.0.0.0 whereas the old one gives it a valid IP address.

I also noticed when I try and load the new cert I get a `mon_mgr_thread_dev_add: dev sta inst "MAC ADDRESS HERE" already exists` message. Is the Aruba Network storing the association of the old cert with the MAC, and is that causing issues? It is also giving the device the same name no matter what cert, and that is the name of the original cert.

Any information on this topic would be helpful.

Guru Elite
Posts: 20,966
Registered: ‎03-29-2007

Re: Certificate problem

You must be clear about what you are doing.  There is a difference between client cert, CA cert, and server cert.  When you say new cert and old cert, you have to say what types so we know what steps you are taking.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

New Contributor
Posts: 2
Registered: ‎06-19-2013

Re: Certificate problem

I am using the same CA cert and server cert. I have tried to create new client certs that are not working with the old server/CA certs. The new and old client certs both verify in openssl when I run checks on them that they are signed by the correct CA.

I have also updated the CRL. On the controller sits the CA trusted cert, a Server cert, and an updated CRL. On the wireless device there is the CA trusted cert and the new and old client certs. The old client certs allow the device to connect to the network, and the new certs do not allow the device to connect to the network.

Thanks,

Dan

Guru Elite
Posts: 20,966
Registered: ‎03-29-2007

Re: Certificate problem

You will probably have to open a support case.  If the only thing you changed is the CRL, that is where I would start.



Colin Joseph
Aruba Customer Engineering
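
The thread mentions two separate checks: the poster's openssl check that a client cert is signed by the CA, and the CRL the reply suggests looking at. As an added example that is not part of the thread, this shell sketch builds a constructed throwaway CA with two hypothetical client certs (`client-a`, `client-b`), revokes `client-b` purely for illustration, and shows that a plain `openssl verify` accepts both while `-crl_check` rejects the revoked one. It assumes the OpenSSL 1.1.1 or later command-line tool; all names and paths are made up.

```shell
#!/bin/sh
# Constructed demo PKI: throwaway CA, two client certs, and a CRL that revokes
# only client-b. Nothing here comes from the poster's environment.
d=$(mktemp -d) && trap 'rm -rf "$d"' EXIT
: > "$d/index.txt"                      # empty CA database for "openssl ca"
cat > "$d/ca.cnf" <<EOF
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
[ca]
default_ca = demo
[demo]
database = $d/index.txt
default_md = sha256
default_crl_days = 30
EOF

{
openssl req -x509 -newkey rsa:2048 -nodes -config "$d/ca.cnf" -extensions v3_ca \
  -subj "/CN=Demo CA" -days 30 -keyout "$d/ca.key" -out "$d/ca.pem"
n=1
for c in client-a client-b; do
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
    -subj "/CN=$c" -keyout "$d/$c.key" -out "$d/$c.csr"
  openssl x509 -req -in "$d/$c.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -set_serial "$n" -days 30 -out "$d/$c.pem"
  n=$((n + 1))
done
# Revoke client-b, then publish a CRL that lists it.
openssl ca -config "$d/ca.cnf" -keyfile "$d/ca.key" -cert "$d/ca.pem" -revoke "$d/client-b.pem"
openssl ca -config "$d/ca.cnf" -keyfile "$d/ca.key" -cert "$d/ca.pem" -gencrl -out "$d/crl.pem"
} >/dev/null 2>&1

# Chain-only check: signed by the CA and inside the validity window. No CRL lookup.
chain_ok() { openssl verify -CAfile "$d/ca.pem" "$d/$1.pem" 2>/dev/null | grep -q ': OK$'; }
# Same check, but the CRL is consulted as well.
crl_ok() {
  openssl verify -crl_check -CAfile "$d/ca.pem" -CRLfile "$d/crl.pem" "$d/$1.pem" \
    2>/dev/null | grep -q ': OK$'
}

for c in client-a client-b; do
  chain_ok "$c" && r1=OK || r1=FAIL
  crl_ok "$c" && r2=OK || r2=FAIL
  echo "$c chain-only=$r1 with-crl=$r2"
done
```

Running the same two `openssl verify` commands against the real CA cert, the CRL loaded on the controller, and each client cert shows whether the CRL is what separates the working cert from the failing one.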