Have you deployed a RADIUS server, like ClearPass for client authentication? As mentioned, that is where the server certificate for 802.1X/WPA-Enterprise should be.
This (old) Technote explains some of the considerations; where in summary for most cases you should have:
- a long running (multi-year) SSL server certificate from a private CA
- install the same certificate on all of your RADIUS servers if you have multiple servers
- install the RootCA certificate that issued your server certificate in your client devices; Apple configurator/MDM/AD-Group-Policies appear a good method of doing so
- install a client certificate to each of your devices whenever possible, avoid username/password as it has known security issues
If you are new to certificates, it may be better to consult someone who does thoroughly understand this matter to go through your requirements, options and best solution.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Apr 01, 2022 03:41 PM
From: Charlie Peters
Subject: Need help with the basics
Hello All,
I am a new network administrator for a school and this is my first time working with aruba controllers.
I need help getting my iPads connected to the controller via Apple configurator and this post will be about certificates.
When I connect an apple device to the wifi, it will pop up with a window asking me to trust the Aruba Server certificate (which expired in 2020). I can connect this way, but would like to try to set it up so I don't have to type in the password for each iPad (this is why I need to use configurator).
I am VERY new to certificates, so I don't know how this works. I assume that the Aruba controller needs a certificate, and the iPads also need a certificate (given from Apple configurator). I just don't know what kind of certificates they need and how to generate them. If anyone can point me in the right direction, I would appreciate it.
Our network is simple (we are just using a WPA2 Enterprise PEAP without individual logins. That is, there are "staff" and "student" logins to the wifi).
I do have access to the webGUI and can SSH, but I don't even know how to find the model name. A big problem is that all of the pages I find do not apply to my specific model (commands, and webGUI are different).
This is all the info I can find:
Name: | Aruba Operating System Software |
Type: | 225 |
Build Time: | 2018-10-04 03:53:40 UTC (build 67129) by p4build |
Version: | 6.5.4.9 |
I apologize if I am posting in the wrong area, but would like a point in the right direction if this is the wrong forum. Thank you!
------------------------------
Charlie Peters
------------------------------