last person joined: 10 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Certificate issue

This thread has been viewed 15 times
  • 1.  Certificate issue

    Posted May 28, 2021 04:47 AM

    We are experiencing an issue with newly built "Intune built" laptops where they will not join the corporate "Aruba" wifi,  when the laptop tries to connect to the SSID we are prompted for the username and password (This isn't normal) then we get the following message.
    Cert thumbprint

    The thumbprint of the Cert does not exist on any cert in the Computer cert store and nor does that thumbprint exist in the Cert store of a machine that successfully connects.   Can anyone tell me where this thumbprint is being picked up from?  Is it from the controllers, the CPPM 

    ANY help, suggestions, advice or comments will be welcome.     Thanks  

    Jon Higgins

  • 2.  RE: Certificate issue

    Posted May 28, 2021 09:27 AM
    That thumbprint is for the certificate shown (cppmradius.<redacted>). If you see this warning, that means your Intune did not properly configure the client. I assume (hope) you deployed a client certificate and the SSID settings through Intune, and as part of that, you should push and enable the root CA (QuoVadis Global <redacted>) for validation of your RADIUS server.

    Seems there is something wrong with your config, which is hard to solve without having a look at it. Aruba Support may help with that if needed.

    Please note that there is a strong recommendation to use a private signed certificate for RADIUS. Using public certificates has a few issues, like the short maximum running time, and the lack of guarantee that you can renew your certificate from the same CA (that is configured/cached in all of your clients).

    Herman Robers
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.