Wireless Access


Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.

Difference between (Default) Server Certificate and Current CA Certificate

  • 1.  Difference between (Default) Server Certificate and Current CA Certificate

    Posted Sep 23, 2020 12:24 AM

    ***This is my 3rd post to our community***

    Hi Experts,

     

    Just wanted to ask, I am confused about the difference between the (Default) Server Certificate and the Current CA Certificate.

    I've read that whenever a client/laptop tries to connect to a Wireless LAN, the server requests that the client transmit its authentication certificate (WHAT IS THIS AUTHENTICATION CERTIFICATE AND HOW COME THE SERVER IS ASKING THE LAPTOP FOR THIS???)

    And vice versa, Clients/Laptops can also request and verify the server’s authentication certificate.

     

    Hope you could explain it to me in layman's terms.

     

    Thank you!!!

     



  • 2.  RE: Difference between (Default) Server Certificate and Current CA Certificate

    Posted Sep 23, 2020 12:38 AM

    About Digital Certificates

    Clients and the servers to which they connect may hold authentication certificates that validate their identities. When a client connects to a server for the first time, or the first time since its previous certificate has expired or been revoked, the server requests that the client transmit its authentication certificate. The client’s certificate is then verified against the CA which issued it. Clients can also request and verify the server’s authentication certificate. For some applications, such as 802.1X authentication, clients do not need to validate the server certificate for the authentication to function.

    Digital certificates are issued by a CA which can be either a commercial, third-party company or a private CA controlled by your organization. The CA is trusted to authenticate the owner of the certificate before issuing a certificate. A CA-signed certificate guarantees the identity of the certificate holder. This is done by comparing the digital signature on a client or server certificate to the signature on the certificate for the CA. When CA-signed certificates are used to authenticate clients, the managed device checks the validity of client certificates using certificate revocation lists (CRLs) maintained by the CA that issued the certificate.

    Digital certificates employ public key infrastructure (PKI), which requires a private-public key pair. A digital certificate is associated with a private key, known only to the certificate owner, and a public key. A certificate encrypted with a private key is decrypted with its public key. For example, party A encrypts its certificate with its private key and sends it to party B. Party B decrypts the certificate with party A’s public key.

     

    **Starting from ArubaOS 8.0.1, Mobility Master and managed devices generate a default certificate (controller-issued server certificate) to demonstrate the authentication of the managed device for captive portal and WebUI management access while booting. The controller-issued server certificate is used as the default certificate for WebUI authentication, 802.1X termination, and Single Sign-On (SSO).**

     

    Read more here:

    https://www.arubanetworks.com/techdocs/ArubaOS_801_Web_Help/Content/ArubaFrameStyles/Management_Utilities/Managing_Certificates.htm

     

     

    How to? Read more here:

    https://community.arubanetworks.com/t5/Controller-Based-WLANs/How-do-I-generate-install-and-manage-a-certificate-for-the/ta-p/193047
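
The relationship between a CA certificate and a server certificate that the thread asks about, shown with the `openssl` command line as an added example (not part of the original posts or of Aruba's documentation). All names are constructed, and the self-signed `default.crt` is an assumed stand-in for any server certificate that was not issued by a CA the client trusts.

```shell
#!/usr/bin/env bash
# Constructed lab PKI: every name below is made up for this example.

make_pki() {   # $1 = empty working directory
  d="$1"
  # CA certificate: self-signed trust anchor. Clients install this (public) file
  # as trusted; ca.key never leaves the CA.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example-Lab-CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
  # Server certificate: the server's own key pair, public half signed by the CA.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=wlan.example.test" \
    -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 30 -out "$d/server.crt" 2>/dev/null &&
  # Stand-in for a server certificate that no trusted CA issued (self-signed).
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=untrusted-default" \
    -keyout "$d/default.key" -out "$d/default.crt" 2>/dev/null
}

# Succeeds only if certificate $2 has a valid signature chain up to CA file $1.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Succeeds if the issuer field of certificate $1 mentions name $2.
issued_by() { openssl x509 -in "$1" -noout -issuer | grep -q "$2"; }

demo() {
  tmp=$(mktemp -d) && make_pki "$tmp" || return 1
  for c in server default; do
    if chain_ok "$tmp/ca.crt" "$tmp/$c.crt"; then r="trusted"; else r="REJECTED"; fi
    echo "$c.crt: $r by a client that trusts only ca.crt"
  done
  rm -rf "$tmp"
}
demo
```

The same check runs in the other direction when the server asks for a client certificate: the server holds the CA certificate and verifies the client's certificate against it.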