Wireless Access

Frequent Contributor I

only one internal root certificate possible



we're facing the following scenario...  We've got several controllers which use an internal root certificate for staff 802.1x authentication (reason we're doing this is because they do not always have outgoing network connection, as in 'it's a ship').


We now have to migrate our pki infrastructure to sha2, which means a new root certificate


As far as i found, it's only possible to define one root certificate per ssid?   Am i correct here?  Which means it's a big-bang migration per controller.  When the root certificate is changed, the endpoint must get a new certificate.  

Guru Elite

Re: only one internal root certificate possible

Which RADIUS server are you using?
Which EAP method are you using?
Are device supplicants managed or unmanaged?

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I

Re: only one internal root certificate possible

Sorry for the delay...


Internal root certificate on controller is used.  No remote radius server.

We use eap-tls.

Device supplicant are partly managed.  We send settings via gpo.  But the client certificate is user-managable through a pki client.

Search Airheads
Showing results for 
Search instead for 
Did you mean: