Wireless Access


Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.

Re: WPA2 Enterprise - MS Windows - Auto connect failing - Clearpass ROOT CA Sha1 issue?

  • 1.  Re: WPA2 Enterprise - MS Windows - Auto connect failing - Clearpass ROOT CA Sha1 issue?

    Posted Mar 17, 2020 05:24 AM

    Hi

     

    Yes I was. In my case we originally used a GoDaddy cert for the root CA. We then changed to another certificate provided by CSC Corporate Domains, and the provider was (from memory) AddTrust... Root CA certificate. They cross-sign the root CA certificate, which was SHA1, with another provider's SHA2 certificate. ClearPass / Windows OS requires a SHA2 CA directly / not to be cross-signed. I would think this is a rare situation. One year later, when the cert had expired, I reverted back to the much cheaper GoDaddy cert and all worked perfectly. So I believe this was the resolution, and nothing to do with cached cert and changing the cert back to the original provider. Hope this helps.



  • 2.  RE: Re: WPA2 Enterprise - MS Windows - Auto connect failing - Clearpass ROOT CA Sha1 issue?

    Posted Mar 17, 2020 05:29 PM

    Appreciate your response.

    But in my case we used an internal CA for both cases, i.e. SHA1 and SHA2.

    All machines are not connecting to WiFi automatically via GPO. All forums are pointing towards RADIUS, but for us ClearPass is the RADIUS server.

    I have been breaking my head for 1 week and not getting anywhere.

    Where should I check for a cross-signed cert?

    TAC are not being that helpful as well.

    Any other recommendation you have I can check.



  • 3.  RE: Re: WPA2 Enterprise - MS Windows - Auto connect failing - Clearpass ROOT CA Sha1 issue?

    Posted Mar 17, 2020 05:37 PM

    Did you look in the event viewer on the radius server to understand what the problem is?

     

    Many, many organizations do this every day.



  • 4.  RE: Re: WPA2 Enterprise - MS Windows - Auto connect failing - Clearpass ROOT CA Sha1 issue?

    Posted Mar 17, 2020 05:50 PM

    My RADIUS server is the ClearPass server.

    Should I still be checking?



  • 5.  RE: Re: WPA2 Enterprise - MS Windows - Auto connect failing - Clearpass ROOT CA Sha1 issue?

    Posted Mar 17, 2020 06:02 PM

    Yes. What is the error in the Access Tracker?



  • 6.  RE: Re: WPA2 Enterprise - MS Windows - Auto connect failing - Clearpass ROOT CA Sha1 issue?

    Posted Mar 17, 2020 06:06 PM

    The current issue is the machine not automatically connecting to ClearPass.

    I have to manually click connect.

    On the client machine it's pointing towards a certificate thumbprint which doesn't exist anywhere.

    ClearPass happily accepts once I hit connect manually.

    But this only started happening once we changed the cert on ClearPass from SHA1 to SHA2, hence picking your brain.



  • 7.  RE: Re: WPA2 Enterprise - MS Windows - Auto connect failing - Clearpass ROOT CA Sha1 issue?

    Posted Mar 17, 2020 06:16 PM

    Does the client trust the new certificate?