New Contributor

Change default Certificat AP-205



we bought two AP-205 to build our WLAN new from the ground. 


Everything worked fine, i created two wifis, one for our employees and one for our customer. 


The productiv network is secured with a WPA2-Enterprise Radius Server, that the employees have to log in with there AD-User Credentials. Works fine, but when they connect they get the message that the certificate not known is. 



After that i added our Certificate-Server as CA, and now every client within our domain dont get the message any longer. Only devices like mobile phones still get the error. I think till this point everything work flawless. 


But what is the best practise to get a certificate and a ca that every device trust, and is there a cheap option?


thanks for your help.


Guru Elite

Re: Change default Certificat AP-205

Is this an Instant AP?


If yes, please use the Open SSL instructions here: to generate a CSR to submit to a certificate authority.


There are a number of low-cost certificate authorities, but we cannot endorse any here.  Maybe some of the users in the community can suggest their low-cost favorites.

*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos

Re: Change default Certificat AP-205

For the long answer to your question on what (type of) certificate to use for 802.1X/RADIUS, please check out the ClearPass Certificates 101 TechNote, which can be found here:


In many cases, a certificate from your private CA is a good pick, and it has the 'issue' that clients that are not controlled by your company will get the certificate warnings. If you pick a public CA things may be better, but still many clients will prompt on first connect. As a rule of thumb, if you have mostly Domain connected computers, or you have another way to provision the SSID to devices (like with Mobile Device Management, or ClearPass Onboard), the private CA seems the best choice. If you have most uncontrolled clients (like students, BYOD), a public CA seems the better choice.


What you see is fully expected.


The mentioned Certificates 101 document goes into more depth on this topic.



If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Search Airheads
Showing results for 
Search instead for 
Did you mean: