Wireless Access

Reply
Occasional Contributor II
Posts: 38
Registered: ‎09-15-2011

Question about the 802.1x certificate

HI,dear

 I have two basal question to ask. since I don't very clear about the certificate.

 

1.   When the Aruba controller passes 802.1x traffic through to the AAA server,     If the client still want to" use   certificate" , is the certificate  only  depend on  the  radius server ,such as a windows IAS ?

      So in the case, Can I consider that,    I dont need to  import or export any  certificate in Aruba controller  ,  but the  certificate  between wireless clinet-side   and windows IAS should be create ?

 

2 . If  the  controller  be configured to 'terminate' EAP-PEAP and EAP-TLS  ,  how can I import or export the certificate in the client an in the controller ?

 

 

Thank you very much !

Guru Elite
Posts: 21,261
Registered: ‎03-29-2007

Re: Question about the 802.1x certificate

1.  Certificates, by default are configured on the client and the Radius server.  In that case, you do not need to import any certificates into the Aruba Controller.

 

2.  If you want to enable termination on the Aruba controller, this is done if you cannot obtain a certificate for the radius server.

In this case, a certificate is imported into the Aruba Controller.

 

 To see how to import certificates into the Aruba Controller from certificate authorities like Verisign, please see the document here:  http://community.arubanetworks.com/aruba/attachments/aruba/115/6760/1/aruba-certificates.pdf

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 38
Registered: ‎09-15-2011

Re: Question about the 802.1x certificate

THANK YOU !
Occasional Contributor II
Posts: 24
Registered: ‎09-16-2011

Re: Question about the 802.1x certificate

[ Edited ]
can the controller terminate EAP-TLS with this test cert?
I am having difficultties creating a server cert using a enterprise ca..
http://community.arubanetworks.com/t5/Authentication-and-Access/EAP-TLS-Authenication/m-p/19518#M110
Guru Elite
Posts: 21,261
Registered: ‎03-29-2007

Re: Question about the 802.1x certificate

[ Edited ]

Please try the attached from scratch.  Oldie but a goodie.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 24
Registered: ‎09-16-2011

Re: Question about the 802.1x certificate

This looks like what I need..

 

Just a few questions..

 

This is using a standalone CA?

 

the web browser cert is the "user" cert?

 

 

Guru Elite
Posts: 21,261
Registered: ‎03-29-2007

Re: Question about the 802.1x certificate

This is an enterprise domain CA.

 

The browser Cert depends on what you are requesting.  You need to use IE to request it.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 24
Registered: ‎09-16-2011

Re: Question about the 802.1x certificate

I built the CA using this as the format.. I didnt see the same options as the ones in the document you posted.. Is it differnet since i am using server 2008?

 

Guru Elite
Posts: 21,261
Registered: ‎03-29-2007

Re: Question about the 802.1x certificate

do you see options to request a certificate?  Are you using internet explorer to request?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 24
Registered: ‎09-16-2011

Re: Question about the 802.1x certificate

[ Edited ]

I saw the options just not all of them.. I am using IE

 

Ill post screen shots once i get done rebuilding the CA..

 

I also dont have to go back and approve the CSR from the controller, it is approved automatically.. I then get the screen shot in the 3.jpg. when i try to upload this cert as a PEM format it fails, but as a DEM it works fine..

 

I am continuing one with the settings and I dont have "Inner EAP-Type - eap-tls" I have

 

Termination Inner EAP-Type - eap-mschapv2 and eap-gtc

Search Airheads
Showing results for 
Search instead for 
Did you mean: