Wireless Access

Reply
Frequent Contributor I

only one internal root certificate possible

Hi,

 

we're facing the following scenario...  We've got several controllers which use an internal root certificate for staff 802.1x authentication (reason we're doing this is because they do not always have outgoing network connection, as in 'it's a ship').

 

We now have to migrate our pki infrastructure to sha2, which means a new root certificate

 

As far as i found, it's only possible to define one root certificate per ssid?   Am i correct here?  Which means it's a big-bang migration per controller.  When the root certificate is changed, the endpoint must get a new certificate.  

Guru Elite

Re: only one internal root certificate possible

Which RADIUS server are you using?
Which EAP method are you using?
Are device supplicants managed or unmanaged?

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I

Re: only one internal root certificate possible

Sorry for the delay...

 

Internal root certificate on controller is used.  No remote radius server.

We use eap-tls.

Device supplicant are partly managed.  We send settings via gpo.  But the client certificate is user-managable through a pki client.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: