Wireless Access

Reply
Occasional Contributor II
Posts: 14
Registered: ‎02-14-2011

VIA and iOS 6.x - server certificate size limits?

Scenario:

Attempting to use IKEv2 and eap-mschapv2 auth method. Server certificate is 2048-bit

VIA connection works with Win7 and Android 4 devices using the settings and server certificate in place.

VIA does not work with iOS 6.0.1 device (running latest version of VIA from app store), downloads connection profile but can't connect after that. Using same controller/profiles as Win7/Android.

 

After installing VIA for iOS (2.0.0.2 from app store), via client does the initial web-auth and connection profile download fine, but based on where VIA times out in the connection process after that and cursory review of the logs on the controller seems to suggest that there's an issue with iOS 6.0.1 accepting the Aruba controller's server certificate. There are no prompts/warnings on the iOS client side to confirm this, tapping Connect in VIA after getting the connection profile just results in quickly flipping to Disconnected.

 

Digging around online a bit, this thread indicates there are certificate length issues with both iOS 6 and Mountain Lion, work-around by using a smaller certificate (1024-bit).
https://discussions.apple.com/thread/4158642?start=15&tstart=0

 

 

Are there open known issues with using VIA on iOS 6.0.1 with 2048-bit server certificates? Is anyone successfully using a 2048-bit internal issued (i.e. non-3rd party CA) server certificate with VIA for iOS?

 

 

Moderator
Posts: 245
Registered: ‎09-12-2007

Re: VIA and iOS 6.x - server certificate size limits?

Aruba's own VIA server used by corporate IT has a 2048-bit cert on it, and there are several iOS client connecting.  We're using a certificate from a public CA, however.

 

I'm pretty certain this is a test case for the VIA QA team and has been tested before.  However if the issue is specifically with iOS 6.0.1, it's possible they haven't gone through a new test cycle yet that would replicate it. My suggestion would be to get a TAC case opened - that will trigger someone to go attempt to reproduce the issue for you.

---
Jon Green, ACMX, CISSP
Security Guy
New Contributor
Posts: 4
Registered: ‎12-30-2011

Re: VIA and iOS 6.x - server certificate size limits?

VIA works fine with server cert length of 2048 and even CA of length 2048. i tested this with IOS VIA 2.0.0.2 . if ur still facing issues please open a TAC case , will have a furthur look at it.

 

regards

deepak

VIA QA

Aruba Employee
Posts: 20
Registered: ‎02-02-2012

Re: VIA and iOS 6.x - server certificate size limits?

Scenario:

Attempting to use IKEv2 and eap-mschapv2 auth method. Server certificate is 2048-bit

VIA connection works with Win7 and Android 4 devices using the settings and server certificate in place.

VIA does not work with iOS 6.0.1 device (running latest version of VIA from app store), downloads connection profile but can't connect after that. Using same controller/profiles as Win7/Android.

 

[Vijay[The same connection doesnt work for iOS because the CA certificate corresponding to server certificate has to be there on the client side which is not present. This is a bug on part of windows and Andriod platform where VIA EAP-MSCHApv2 connection works without the CA of the server certificate.

 

After installing VIA for iOS (2.0.0.2 from app store), via client does the initial web-auth and connection profile download fine, but based on where VIA times out in the connection process after that and cursory review of the logs on the controller seems to suggest that there's an issue with iOS 6.0.1 accepting the Aruba controller's server certificate. There are no prompts/warnings on the iOS client side to confirm this, tapping Connect in VIA after getting the connection profile just results in quickly flipping to Disconnected.

 

Digging around online a bit, this thread indicates there are certificate length issues with both iOS 6 and Mountain Lion, work-around by using a smaller certificate (1024-bit).
https://discussions.apple.com/thread/4158642?start=15&tstart=0

 

[Vijay] I have used server certificate lengths of 4096 bit withoout any issues.

 

 

Are there open known issues with using VIA on iOS 6.0.1 with 2048-bit server certificates? Is anyone successfully using a 2048-bit internal issued (i.e. non-3rd party CA) server certificate with VIA for iOS?

Search Airheads
Showing results for 
Search instead for 
Did you mean: