Wireless Access

Occasional Contributor II

SHA256

Recently we upgraded all our internal CA servers to use SHA256 and renewed the root certs accordingly. When we changed the radius server to use the new root CA it breaks our 802.1X wireless network on campus. Opened a case with Aruba and they put it back to the old SHA1 and it is working now but we want to use SHA256 - anyone else make this change and what am I missing?

Guru Elite

Re: SHA256

Do your clients already trust the new certificate?

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Occasional Contributor II

Re: SHA256

Current SHA1 yes - I assume you will be presented with the trust option when I change the cert to SHA256 like we were with the SHA1. Is this correct?

Guru Elite

Re: SHA256

It depends on the client, but many clients will simply refuse to connect when the server's certificate changes regardless.  Did you test it with any of your clients?

Occasional Contributor II

Re: SHA256

Yesterday, I swapped to SHA256 on radius server and when I disconnected wifi on iphone and reconnected it failed. The only way Aruba could get it to work was swapping back to SHA1 cert. I even forgot the wireless network and still nothing.

Guru Elite

Re: SHA256

You should have left the SHA-1 root and created a new SHA-256 intermediate.


Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: SHA256

We did but when I go to change the cert on radius to the new SHA256 authentication stops.

David A. Mattox
Manager of Systems Operations
Millsaps College
Direct (601) 974-1149
@MillsapsITS
Guru Elite

Re: SHA256

Make sure the server certificate is chained with the new intermediate.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: SHA256

Ok, something has happened and now I am having network issues. Opened a TAC case and they looked and said the issue is the NPS server is rejecting EAP authentication due to the cert. They could not help. I followed the steps to do a new NPS cert using the SHA256 and used it on EAP and nothing. Swapped back to old SHA1 cert and nothing. Laptop keeps failing with EAP explicit error. So I need your guidance or a support call to Microsoft.

David A. Mattox
Manager of Systems Operations
Millsaps College
Direct (601) 974-1149
@MillsapsITS