Wireless Access

New Contributor

802.1x certificates

Hi Guys


Can someone please assist in directing me in the correct direction. Im looking to enable 802.1x authentication on an SSID, i believe that some sort of certificates are needed. Who can i contact and what do i ask for...?




Guru Elite

Re: 802.1x certificates

At a bare minimum, you need a server certificate for your RADIUS server.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.

Re: 802.1x certificates



On the Aruba support Website, under Documentation -> Software -> ClearPass Policy Manager (eTIPS) -> Technotes (https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/EntryId/7961/Default.aspx), there is an excellent document 'CPPM - Certificates 101 Technote V1.0 .pdf' that addresses the required certificates. This document is created for ClearPass, however because ClearPass implements open standards, the same certificate requirements apply to any 802.1x/RADIUS deployment.


In a very quick summary:

- For convenience, Windows Username/password can be used, this is called EAP-MSCHAPv2, is cryptographically broken (so should be avoided if reasonally be possible) and requires just a certificate on the RADIUS server.

- For best security, client certificates are used to authenticate the client, this is called EAP-TLS. In this case, in addition to the server certificate on the RADIUS, you will need a client certificate on each client. The distribution of the client certficate makes it more difficult to deploy.


The Certificate 101 guide will explain this in more depth.



If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
New Contributor

Re: 802.1x certificates

Thanks, i will read through the document and provide feedback.

Search Airheads
Showing results for 
Search instead for 
Did you mean: