Occasional Contributor II

ClearPass Radius certificate & OnBoard Intermediate CA

Our CPPM Radius certificate is getting ready to expire so we're working on renewing it. The question that I've run into, though, is that the current certificate is signed by the OnBoard intermediate CA, in turn signed by the AD CA. Is there a particular need for the Radius cert to be signed by the internal intermediate CA, or would it be fine to use a cert signed directly by the AD CA?

Guru Elite

Re: ClearPass Radius certificate

The EAP server certificate must be trusted by the clients. How are the supplicants configured?

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: ClearPass Radius certificate

I'll have to double-check, but I believe at the moment it's basically Windows default. I'm working in the direction of enforced dot1x via wire and wireless, and would like to get group policies defined for the Windows clients to make it transparent to enterprise devices. I'm testing with my machine, and do periodically get the "Windows can't verify the server's identity. If you expect to find %1 in this location..." message.

Guru Elite

Re: ClearPass Radius certificate

The EAP server certificate can be issued from wherever you choose, as long as the supplicants are appropriately configured.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
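
The trust relationship discussed in this thread can be checked in a throwaway lab before the production certificate is swapped. The script below is an added example, not something posted by anyone in the thread: it builds a constructed PKI with the `openssl` CLI and uses `openssl verify` as a stand-in for the supplicant's chain validation. All CA names, the host name `radius.lab.example`, and the idea of a client profile that trusts only the Onboard CA are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Constructed lab PKI: every name and file is a placeholder.
set -e
cd "$(mktemp -d)"
cat > pki.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_srv]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
EOF

new_root() {  # $1 = file prefix, $2 = CN
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.pem" \
    -subj "/CN=$2" -days 30 -config pki.cnf -extensions v3_ca 2>/dev/null
}
issue() {     # $1 = file prefix, $2 = CN, $3 = issuer prefix, $4 = extension section
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "/CN=$2" -config pki.cnf 2>/dev/null
  openssl x509 -req -in "$1.csr" -CA "$3.pem" -CAkey "$3.key" -CAcreateserial \
    -out "$1.pem" -days 30 -extfile pki.cnf -extensions "$4" 2>/dev/null
}
# Would a supplicant that trusts only CA $1 accept server certificate $2?
# $3 (optional): intermediates the RADIUS server sends with its certificate.
chain_ok() {
  anchor=$1; cert=$2; shift 2
  if [ $# -gt 0 ]; then set -- -untrusted "$1"; fi
  openssl verify -partial_chain -purpose sslserver -CAfile "$anchor" "$@" "$cert" \
    >/dev/null 2>&1
}
verdict() { if chain_ok "$@"; then echo accepted; else echo rejected; fi; }

new_root adroot "Lab AD Root CA"                        # stands in for the AD CA
issue onboard "Lab Onboard Intermediate CA" adroot v3_ca
issue viaint "radius.lab.example" onboard v3_srv        # current issuing path
issue direct "radius.lab.example" adroot v3_srv         # proposed issuing path

echo "trust AD root, direct cert:               $(verdict adroot.pem direct.pem)"
echo "trust AD root, via Onboard, chain sent:   $(verdict adroot.pem viaint.pem onboard.pem)"
echo "trust AD root, via Onboard, no chain:     $(verdict adroot.pem viaint.pem)"
echo "trust Onboard CA only, via Onboard:       $(verdict onboard.pem viaint.pem)"
echo "trust Onboard CA only, direct cert:       $(verdict onboard.pem direct.pem)"
```

Clients that anchor on the root accept either issuing path, while a client anchored only on the intermediate rejects the directly issued certificate, which is why the supplicant configuration decides the answer.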
Occasional Contributor II

Re: ClearPass Radius certificate

Thank you for that. I just wanted to verify there wasn't something I was missing. I've been bit by changing radius certificates once before and wanted to make sure there wasn't a gotcha I was missing with OnBoard.
