Occasional Contributor II

Multiple controller certificates for 802.1X

Hi,

I need to configure two different controller certificates for different SSIDs.

In order to achieve this I configured two 802.1X profiles with termination on the controller (unfortunately one of the RADIUS servers is not under our control, so we need to do it this way). It seems obvious to configure both certificates in the advanced configuration tab with "server-certificate" (or via CLI) in the 802.1X profile.

Doing so leads to very unexpected behaviour since the controller prompts the wireless clients for client certificates. But in this same profile PEAP/MSCHAPv2 is configured. When configuring no server certificate we see the built-in securelogin.arubanetworks certificate. Changing the CA certificates in the same 802.1X profile has no effect whatsoever.

So, simple question: how can I have two controller certs displayed to the clients depending on the SSID?

Best regards,

Andreas

Guru Elite

Re: Multiple controller certificates for 802.1X

The 802.1x profile in the AAA profile has a Server-Certificate parameter.  When you upload a server certificate for EAP-Termination, each certificate appears in that dropdown.  To use two different Server Certificates, each 802.1x WLAN you create will require a different AAA profile, and a different 802.1x profile, each with a different Server Certificate in the dropdown.

 

Does that answer your question?



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II

Re: Multiple controller certificates for 802.1X

Hi,

yes, that's exactly what I tried to do.

I do have the drop-down box with both certificates available. But after choosing one we cannot authenticate anymore using username/password. I get prompted by the Windows 7 wireless client to use client certificates.

Best regards,

Andreas Goerlach

Guru Elite

Re: Multiple controller certificates for 802.1X


AndreasG wrote:

Hi,

yes, that's exactly what I tried to do.

I do have the drop-down box with both certificates available. But after choosing one we cannot authenticate anymore using username/password. I get prompted by the Windows 7 wireless client to use client certificates.

Best regards,

Andreas Goerlach


I apologize.  You said you already did that.  



Colin Joseph
Aruba Customer Engineering


New Contributor

Re: Multiple controller certificates for 802.1X

Has this problem been answered yet? I just ran into this issue.  I created a new SSID with a new aaa profile, and a new dot1x profile using a different server cert.  And all my old SSIDs started using the new cert.  When I went into the dot1x profile of my old SSID and told it to use the new cert, saved it, and then told it to use the old cert, and saved it, the old SSID went back to using the old cert. However, my new SSID was now using the old cert, despite still being configured in the dot1x profile for the new cert.
