Controllerless Networks

Regular Contributor I

IAP and TLS cert authentications


I need to understand how i can configure my IAP infrastructure to implement the TLS certification.

The goal is "client have to verify the server certificate" and "the server have to verify the client certification" for booth certification the CA is the same.


Can you help me?

Best regards







Re: IAP and TLS cert authentications

As long as your clients have the Root CA in the trusted root store, you shouldn't have to worry.  Unless you are going to do termination on the IAP.

If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACCX #817, ACMP, ACMX #294
Regular Contributor I

Re: IAP and TLS cert authentications


I have a CLearPass and various IAP.

I need that the Client have access only if him have AD credential and a certificate signed by the customer CA on the device and the Client need to verify that the server have a certificate released by the same CA.


How I can implement it?


Best regards

Guru Elite

Re: IAP and TLS cert authentications



All the work will need to be on the client side and the ClearPass side.  


Here is the minimum you need to be done:

- The IAP just needs to be setup with WPA2-Enterprise and Point to the ClearPass as the Radius Server. 

- The client needs a user certificate generated by a certificate authority (that CA can be the built-in onboard CA).  

- Clearpass needs to have a service configured with the EAP-TLS authentication method AND have the CA certificate that issued the client certificate in its trusted CA Store.


That is all you need.  There is no AD tie-in required or needed.  You can configure authorization on the EAP-TLS authentication method so that the username on the certificate is checked against AD to see the user account on the certificate still exists in AD, but that is optional.  You should work on getting the minimum done, first.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Search Airheads
Showing results for 
Search instead for 
Did you mean: