Wireless Access

last person joined: 17 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

802.1x Radius server "not verified"

This thread has been viewed 5 times

  • 1.  802.1x Radius server "not verified"

    Posted Mar 25, 2014 02:56 PM

    Good afternoon everyone.

     

    We are implementing a new SSID with 802.1x PEAP authentication, where the client authenticates via RADIUS server. We have an internal CA which issued the certificates for our servers and our RADIUS receive this certificate from our internal CA. One thing puzzles me, when the user's iPhone, iPad attempts to connect to this SSID with RADIUS 802.1xo certificate appears as "not verified", so I've been reading here on the forum when it uses 802.1x without termination is not no need to import certificate for our parent company. If that's right, what's wrong?
    I appreciate any help.



  • 2.  RE: 802.1x Radius server "not verified"

    EMPLOYEE
    Posted Mar 25, 2014 03:09 PM

    iphones, ipads, always have that message when a new certificate is observed.

     



  • 3.  RE: 802.1x Radius server "not verified"

    Posted Mar 25, 2014 03:13 PM

    Thx 4 reply Cj,

     

    But I would not like to put this certificate as "valid" or "verified"?



  • 4.  RE: 802.1x Radius server "not verified"

    EMPLOYEE
    Posted Mar 25, 2014 03:15 PM

    Yes, but it is the nature of IOS to display the first time an IOS device has ever seen a server certificate:

     

    https://discussions.apple.com/message/25097802

     



  • 5.  RE: 802.1x Radius server "not verified"

    Posted Mar 25, 2014 03:22 PM

    Yes, I understand that is native IOS always display the certificate to authenticate, after that he really does not have the certificate. My question is, is this "Not verified" disappears and "Verified" appear.



  • 6.  RE: 802.1x Radius server "not verified"

    Posted Mar 25, 2014 03:24 PM

    Btw my problem is the same topic that you mentioned, just that there was not a solution.



  • 7.  RE: 802.1x Radius server "not verified"

    EMPLOYEE
    Posted Mar 25, 2014 08:23 PM

    You are right.  Unless you distribute certificates and/or a trusted CA via .mobileconfig file on IOS, you will have that issue.  ClearPass Onboard does distribute user and CA certificates and WLAN configurations with a .mobileconfig file.  If you do not have Onboard or another platform that distributes the CA trust, you will probably continue to have that issue.



  • 8.  RE: 802.1x Radius server "not verified"

    EMPLOYEE
    Posted Mar 25, 2014 08:54 PM

    There are some slides in this presentation that show Verified vs Unverified etc...

     

    http://community.arubanetworks.com/t5/Americas-Airheads-Conference/Breakout-Real-world-802-1X-Deployment-Challenges/gpm-p/129211



  • 9.  RE: 802.1x Radius server "not verified"

    Posted Mar 26, 2014 09:36 AM

    Thank you all for the answers.
    At the moment we climb a RADIUS test version and apply a valid test certificate (GeoTrust, Verisign etc.) and we do the tests. Including a step-by-step instructions I found here on the forum.
    CAPPALI,  EXCELLENT  documentation on the subject, save in my knowledge base.
    thank you