11-08-2018 12:52 PM
While trying to migrate Aruba controller RADIUS authentication for an 802.1x SSID off of a Windows NPS platform and on to Aruba ClearPass, our Windows 10 users were prompted with the following error:
My interpretation of this issue is that the user's stored certificate of the Windows NPS server is not the certificate being presented by ClearPass, so it warns the user something funny is going on. MacOS users don't seem to be affected by this.
My question is whether this is a common scenario, and if there is a way to check the certificate being stored for an 802.1x SSID on a Windows device? I am not having much luck in identifying the stored cert that we "trust" on a per SSID basis.
Solved! Go to Solution.
11-08-2018 03:21 PM
The CA certificate that you are checking/trusting should be part of the WLAN profile under "Validate Server Certificate". If none are checked, it should accept Server Certificates issues by any of the CA Certificates listed. Please see here for what others have done to deal with that message: https://social.technet.microsoft.com/Forums/en-US/541d1f31-3df9-44f4-8cad-6c916f98de22/windows-10-8021x-security-warning-due-to-kb4074588?forum=win10itprosecurity
*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.4 User Guide
InstantOS 8.3 User Guide
Airheads Learning Videos
Aruba Central Documentation
Sign up for Security Alerts
Aruba Technical Webinars
Re: Certificate warning on Win10 when changing RADIUS servers
11-08-2018 03:23 PM
Thanks Colin, much appreciated. I found that article previously and was pretty sure that was the solution, but wanted to make sure the experts agreed ;)