Security

Reply
Occasional Contributor I

Make wlan controller to handle peap-eap auth/certificates

Hi All,

 

We have been stuck in an issue regarding certificates from a win2008 radius server. In order to make our eap-peap authentication to work we have to install the winserver's certificate in each user's pc. Is there a way to have the controller to handle this task instead of install the certificate in all computers?

 

My controller's model is 3400 with version 6.4.2.17

 

regards!

 

 

Guru Elite

Re: Make wlan controller to handle peap-eap auth/certificates

How are your user's supplicants being configured? Are they managed using a GPO/EMM solution?

 

Is your certificate public or privately signed?


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor I

Re: Make wlan controller to handle peap-eap auth/certificates

it is a private cert generated by auto in the server. and as supplicant we are not using a specific one (I believe the one we have windows as default) , we just propagate the SSID without termination setting.

 so far I can see we have the CSR generated in the certification option.

 

 

 

 

Guru Elite

Re: Make wlan controller to handle peap-eap auth/certificates

If you don't want to add the certificate manually, you'll need to get a public CA-signed EAP server certificate.

 

Please keep in mind that using PEAPv0/EAP-MSCHAPv2 with unconfigured clients puts your user's credentials in jeopardy as this EAP method is highly susceptible to man-in-the-middle attacks with unconfigured clients.


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: