Security

Reply
Regular Contributor II

Onboarding in a global cluster?

Hi Forum,

 

To simplify it (for myself of course), I have 3 CP 5k (one in each global region) with a publisher in the US. I configured onboarding and it is working fine. My question is:

Under Onboard>>Configuration>>Network Settings>>edit>>trust tab>>Configure trust:

If I set it to manually configure certificate trust settings, which CP's cert should I add here(from the dropdown)? I understand this cert will be installed on enduser root certs store.

Should it be the publisher's cert or should I add all 4 CP's here? if so, what should I do if I have 10 CPs instead of 4!!

 

Thanks in advance.

Guru Elite

Re: Onboarding in a global cluster?

It's recommended to use a single RADIUS/EAP server certificate in a cluster. Is that the case in your environment?

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Regular Contributor II

Re: Onboarding in a global cluster?

Thanks for the response Tim!

Each node has it's own Radius cert issued by the root CA (MS PKI).

Guru Elite

Re: Onboarding in a global cluster?

You should use the auto trust config then.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Regular Contributor II

Re: Onboarding in a global cluster?

I've noticed with auto trust, iOS devices fail to install the profile.
Guru Elite

Re: Onboarding in a global cluster?

Did you do step 1 during onboarding which installs your root CA?

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: