a month ago
Hi All,
The customer wants to use a Machine Certificate & a User Certificate for authentication.
Due to policy, the customer wants to use a Machine Certificate from one CA (e.g. CA-1) and a User Certificate from another CA (e.g. CA-2).
So from the ClearPass point of view, we need to have a Radius Server Certificate from CA-1 for Machine authentication and a Radius Server Certificate from CA-2 for User authentication, is my understanding.
Is this feasible using 6.8.x?
Thanks in advance
Re: two Radius Server Certificates
a month ago
Thank you
Victor Fabian
Pardon typos sent from Mobile
Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Re: two Radius Server Certificates
a month ago
I agree we need to upload both CA certificates to the Trust list.
For EAP-TLS we need to upload a Radius Server certificate by submitting a CSR from CPPM to each CA, right?
Re: two Radius Server Certificates
a month ago
OK, I understand now. We can use a Radius Server certificate from any CA, as we use the Server Certificate to validate the Radius Server.
As both Machine & User use the same Radius Server, that is CPPM, we can use a Radius Server certificate from any CA to do the needful.
Both CA certificates in the Trust list of CPPM will validate both the Machine & User certificates presented by the client device.
Hope my understanding is correct. Please correct me if my understanding is wrong.
a month ago
The client will send a certificate from 2 different CAs, so that is why CPPM needs to add them to its trust list.
You can serve both requests from 1 service, just make different rules where you identify the certificate from each request.
In both situations, the clients will be presented the same "server" certificate, installed in CPPM as a radius certificate. So the clients just need to trust this 1 certificate (chain).
- - - - Aruba ACCX #748, ACDX #758, ACMP, ACEAP | HPE Master ASE - - - -
- - - - - - - Feel free to give kudos or accept as a solution! - - - - - - - - -
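The trust relationships described in the reply above, reproduced with the `openssl` CLI as an added example (not part of any post in this thread and not ClearPass configuration). The CA names, subject names and file names are constructed for the lab, and the script assumes `openssl` is installed with its default configuration.

```bash
#!/usr/bin/env bash
# Constructed lab PKI (all names are made up): CA-1 issues the machine cert and
# the RADIUS server cert, CA-2 issues the user cert.
set -eu
W=$(mktemp -d); trap 'rm -rf "$W"' EXIT

mk_ca() {      # mk_ca <name>: self-signed root CA
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$W/$1.key" -out "$W/$1.pem" 2>/dev/null
}
issue() {      # issue <ca> <file> <cn>: leaf certificate signed by <ca>
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$W/$2.key" -out "$W/$2.csr" 2>/dev/null
  openssl x509 -req -in "$W/$2.csr" -CA "$W/$1.pem" -CAkey "$W/$1.key" \
    -CAcreateserial -days 1 -out "$W/$2.pem" 2>/dev/null
}
verifies() {   # verifies <trust-file> <cert>: succeeds if the chain validates
  openssl verify -CAfile "$W/$1" "$W/$2.pem" >/dev/null 2>&1
}
issuer_of() {  # issuer CN of a cert, the attribute a per-CA rule would match on
  openssl x509 -in "$W/$1.pem" -noout -issuer -nameopt RFC2253 |
    sed 's/^issuer= *CN=//'
}

mk_ca CA-1; mk_ca CA-2
issue CA-1 radius  radius.example.test
issue CA-1 machine laptop01.example.test
issue CA-2 user    alice@example.test
# Server side: the trust list holds both CAs.
cat "$W/CA-1.pem" "$W/CA-2.pem" > "$W/trust-both.pem"

for c in machine user; do
  if verifies trust-both.pem "$c"; then
    echo "server accepts $c cert, issuer $(issuer_of "$c")"
  fi
done
# Dropping CA-2 from the trust list breaks user authentication only.
verifies CA-1.pem user || echo "trust list without CA-2 rejects the user cert"
# Client side: one server certificate, so clients only need its CA (CA-1 here).
verifies CA-1.pem radius && echo "clients trusting CA-1 accept the RADIUS cert"
```

The issuer printed for each client certificate is what separates machine from user requests inside a single service; the server certificate's own issuer plays no part in validating client certificates.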
a month ago
ClearPass validates the client cert using the CA from the trust
The Windows client validates any RADIUS cert if the RADIUS cert CA is in the cert store
So just need to make sure the RADIUS cert CA is in all your client cert stores
Thank you
Victor Fabian
Pardon typos sent from Mobile
Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Re: two Radius Server Certificates
a month ago
Thanks a lot :-)