Wireless Access

ArubaOS 8.6.0.4 - AP Uplink 802.1X EAP-TLS w/ factory TPM certs

  • 1.  ArubaOS 8.6.0.4 - AP Uplink 802.1X EAP-TLS w/ factory TPM certs

    Posted Jun 12, 2020 01:41 AM

    I nearly have this working!

    ClearPass is saying it doesn't know about the TPM issuing CA.

    EAP-TLS: Cannot get certificate of issuer /DC=com/DC=arubanetworks/DC=dc-device-ca5/CN=device-ca5 to check the client certificate status.

    Detailed logs show:

    2020-06-12 17:36:21,438 [Th 42 Req 411 SessId R00000024-01-5ee31450] INFO RadiusServer.Radius - --> subject = /CN=CKXXXXXXXX::40:e3:d6:xx:xx:xx
    2020-06-12 17:36:21,438 [Th 42 Req 411 SessId R00000024-01-5ee31450] INFO RadiusServer.Radius - --> issuer = /DC=com/DC=arubanetworks/DC=dc-device-ca5/CN=device-ca5
    2020-06-12 17:36:21,438 [Th 42 Req 411 SessId R00000024-01-5ee31450] INFO RadiusServer.Radius - --> verify return:0

    I have enabled the below cert in the ClearPass trust list for 'EAP' and 'Aruba Infrastructure':

    CN=Aruba Networks Trusted Computing Root CA 1.0,C=US,O=Aruba Networks,OU=Operations,OU=DeviceTrust

    Packet capture shows the client certificate with the correct trust chain:

    [Attached image: TLS.PNG]



  • 2.  RE: ArubaOS 8.6.0.4 - AP Uplink 802.1X EAP-TLS w/ factory TPM certs
    Best Answer

    Posted Jun 18, 2020 12:21 AM

    Got this working, needed the service to have the following:

    1) EAP-TLS authentication method with NO OCSP or Authorization required

    2) NO authentication source