Wireless Access

Reply
Occasional Contributor I
Posts: 8
Registered: ‎07-16-2013

Validate Server Certificate

[ Edited ]

Most of our clients use laptops with Windows 7/8 installed on them. We just had the Aruba wireless AP's, Controllers and ClearPass installed last week and this week we're running into a problem where we have to uncheck "Validate Server Certificate" under properties for the connection for our clients to be able to connect. Doens't seem like a huge deal, except that anytime a clients machine restarts the check mark is there again and we have to go back down and uncheck it again. Times this by 50 teachers and come school time it's going to be a nightmare.

 

So my question is, do we need to install a certificate on our controller and backup controller, or is this a clientside problem? As of right now I know we do not have a server certificate installed on the controller.

 

Any advice is appreciated, I'm a Jr. Sys Admin and had this dropped in my lap, so feel free to explain it to me like I'm a five year old.

 

Thanks!

Joshua

Guru Elite
Posts: 8,467
Registered: ‎09-08-2010

Re: Validate Server Certificate

Are the laptops joined to an AD domain?


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I
Posts: 8
Registered: ‎07-16-2013

Re: Validate Server Certificate

Yes they are. Users log in using their AD logon.

Guru Elite
Posts: 8,467
Registered: ‎09-08-2010

Re: Validate Server Certificate

If these Windows machines are joined to an Active Directory domain, you can create a GPO that configures the wireless profile.

 

Computer Configuration > Policies > Windows Settings > Security Settings > Wireless Network (802.11) policies.

 

Be sure you select the Root CA and enter in the names of the RADIUS servers (name that is presented in the cert).

 

You'll need to look at your RADIUS server cert to get the name of the Root CA and the Common Name of the cert.

 


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I
Posts: 8
Registered: ‎07-16-2013

Re: Validate Server Certificate

I think I get most of that, thank you for the help!

Aruba
Posts: 1,368
Registered: ‎12-12-2011

Re: Validate Server Certificate

Try taking a look at Aruba's QuickConnect.  It will automate the 802.1x supplicant config on all machines...not just ones joined to the domain.

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Occasional Contributor I
Posts: 8
Registered: ‎07-16-2013

Re: Validate Server Certificate

And where would I find that at? Is that inside of clearpass or a standalone application?

Guru Elite
Posts: 8,467
Registered: ‎09-08-2010

Re: Validate Server Certificate

It is a separate application that you configure from Aruba's cloud portal (quick1x.com) and then download the package which you can host on ClearPass for users to access.

 

It is licensed by total number of users.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: