Security

Reply
Highlighted
Occasional Contributor II

ClearPass Radius certificate & OnBoard Intermediate CA

Our CPPM Radius certificate is getting ready to expire so we're working on renewing it. The question that I've run into, though, is that the current certificate is signed by the OnBoard intermediate CA, in turn signed by the AD CA. Is there a particular need for the Radius cert to be signed by the internal intermediate CA, or would it be fine to use a cert signed directly by the AD CA?


Accepted Solutions
Highlighted
Moderator

Re: ClearPass Radius certificate

The EAP server certificate can be issued from wherever you choose, as long as the supplicants are appropriately configured.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post


All Replies
Highlighted
Moderator

Re: ClearPass Radius certificate

The EAP server certificate must be trusted by the clients. How are the supplicants configured?


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
Occasional Contributor II

Re: ClearPass Radius certificate

I'll have to double check, but I believe at the moment it's basically Windows default. I'm working in the direction of enforced dot1x via wire and wireless, and would like to get group policies defined for the windows clients to make it transparent to enterprise devices. I'm testing with my machine, and do periodically get the 'Windows can't verify the server's identity. If you expect to find %1 in this location..." message.

Highlighted
Moderator

Re: ClearPass Radius certificate

The EAP server certificate can be issued from wherever you choose, as long as the supplicants are appropriately configured.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

View solution in original post

Highlighted
Occasional Contributor II

Re: ClearPass Radius certificate

Thank you for that. I just wanted to verify there wasn't something I was missing. I've been bit by changing radius certificates once before and wanted to make sure there wasn't a gotcha I was missing with OnBoard.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: