Wireless Access

Hi,

Currently, I have 13 of Aruba Access point models between 207 - 303 and one of them is acting as a controller. I am trying to configure SSID so my users can connect it via certificate, but I couldn't trust the AP with my CA server, and I don't know how to create AP certificate to be trusted via CA server.

Hereunder a screenshots of my configuration 

You don't need your AP to be trusted. The client needs to be configured to trust the EAP (NPS in your case) certificate. For EAP-TLS (Smart card or other certificate), you would need to configure your RADIUS sever (NPS in your case) to trust the client certificate deployed to your clients.

With EAP/RADIUS, the AP is just relaying/transporting, it's not actively taking part in the authentication which happens between client and RADIUS server.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Jun 10, 2025 02:51 AM
From: Ksallam
Subject: Using Aruba Access Point Through RADIUS Server

Hi,

Currently, I have 13 of Aruba Access point models between 207 - 303 and one of them is acting as a controller. I am trying to configure SSID so my users can connect it via certificate, but I couldn't trust the AP with my CA server, and I don't know how to create AP certificate to be trusted via CA server.

Hereunder a screenshots of my configuration 

Hi Robers, 

First, I would like to thank you for your quick response, but I unfortunately still facing same issue that the user couldn't obtain the required certificate

I have managed to export the RADIUS cert from CA server then import it on the client machine for both user and computer certificate.

I would be appreciated if you could provide me with a specific steps to follow 

You don't need your AP to be trusted. The client needs to be configured to trust the EAP (NPS in your case) certificate. For EAP-TLS (Smart card or other certificate), you would need to configure your RADIUS sever (NPS in your case) to trust the client certificate deployed to your clients.

With EAP/RADIUS, the AP is just relaying/transporting, it's not actively taking part in the authentication which happens between client and RADIUS server.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Jun 10, 2025 02:51 AM
From: Ksallam
Subject: Using Aruba Access Point Through RADIUS Server

Hi,

Currently, I have 13 of Aruba Access point models between 207 - 303 and one of them is acting as a controller. I am trying to configure SSID so my users can connect it via certificate, but I couldn't trust the AP with my CA server, and I don't know how to create AP certificate to be trusted via CA server.

Hereunder a screenshots of my configuration