Wireless Access

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

only one internal root certificate possible

  • 1.  only one internal root certificate possible

    Posted Mar 09, 2018 08:52 AM

    Hi,

    We're facing the following scenario... We've got several controllers which use an internal root certificate for staff 802.1X authentication (the reason we're doing this is that they do not always have an outgoing network connection, as in 'it's a ship').

    We now have to migrate our PKI infrastructure to SHA-2, which means a new root certificate.

    As far as I found, it's only possible to define one root certificate per SSID? Am I correct here? Which means it's a big-bang migration per controller. When the root certificate is changed, the endpoint must get a new certificate.



  • 2.  RE: only one internal root certificate possible

    EMPLOYEE
    Posted Mar 09, 2018 10:18 AM
    Which RADIUS server are you using?
    Which EAP method are you using?
    Are device supplicants managed or unmanaged?


  • 3.  RE: only one internal root certificate possible

    Posted Mar 12, 2018 07:59 AM

    Sorry for the delay...

    The internal root certificate on the controller is used. No remote RADIUS server.

    We use EAP-TLS.

    Device supplicants are partly managed. We send settings via GPO. But the client certificate is user-manageable through a PKI client.