Wireless Access

last person joined: 6 hours ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

What CA should I choose to sign IAS certificate?

  • 1.  What CA should I choose to sign IAS certificate?

    Posted Sep 10, 2012 01:10 PM

    We have a customer that is college university.

     

    They have and 802.1X user only authenticatoin network so users can use own devices and their staff/student domain credentials to authenticate against Windows AD, IAS RADIUS server.  The Cert on IAS server is signed by GeoTrust Global CA

     

    Users connect with non-domain machines, using thier own Devices.

    Windows 7 and other OS are not accepting the certifacte signed by GeoTrusts.  

     

    A solution is to set the wireless settings to NOT Validate server certificate.

     

    We want a solution that requiers the least amount of configuration and management.  Customers want the simplest setup for end-user so IT staff does not have to touch all these laptops.

     

    Is there a Root CA that is automatically trusted by most devices, esp. windows 7?

    Is there a better way to configure this network to avoid this issue?

     

    thanks 

     

     



  • 2.  RE: What CA should I choose to sign IAS certificate?

    Posted Sep 10, 2012 09:55 PM

    To ensure this, you would need an application that distributes the root CA and configures the WLAN devices, like Quickconnect...

     

    a 30-day free trial is here:  http://page.arubanetworks.com/BYODQUICKCONNECT30DayFreeTrial.html

     

     

     

     



  • 3.  RE: What CA should I choose to sign IAS certificate?

    Posted Sep 11, 2012 03:53 PM

    We use a self signed certificate which requires unchecking the validate certificate option. What we did was use the netsh command to export a working WIFI profile and then created  a batch file to import the exported profile. To make it easier, we used IExpress http://en.wikipedia.org/wiki/IExpress to wrap the files in an executable. The client runs a the small executable in Windows 7, it imports the profile, and they are prompted to enter their credentials for 802.1x.

     



  • 4.  RE: What CA should I choose to sign IAS certificate?

    Posted Sep 17, 2012 02:20 PM

    thanks for you ideas.

     

    That gives us some interesting ideas to look into.