Wireless Access

Reply
Highlighted
Contributor I

Certificate Requirements for Aruba AP Deployment

Hello all,

 

I am in the process of switching over one of our campuses from Cisco to Aruba in a small POC. Clearpass is currently in production for authentication and has been for almost year now.

Our Aruba POC is a MM running 8.4 and a physical 7200 series controller.

 

The PCs are running Windows 10 1803

 

I got all the Aruba APs mounted and provisioned but when I turn off the Cisco APs, my Windows clients do not like to reconnect to my SSID, but other devices do. Is this a cert issue? I currently am just using the default cert on the MM and controller. Do I need to install trusted certs in order to get this working seamlessly? Or should the ones on Clearpass be doing their job?

 

Please help!

 

Thanks!


Accepted Solutions
Highlighted
Contributor I

Re: Certificate Requirements for Aruba AP Deployment

Turns out I was running into an issue with the old Intel wireless drivers. They don't seem to like the new frames from ax. Updating the drivers seems to have fixed the issue.

View solution in original post


All Replies
Guru Elite

Re: Certificate Requirements for Aruba AP Deployment

You need a trusted SSL cert on the MM as well as the ClearPass Box. 

 

- A captive portal certificate is needed for the MM for Captive Portal if you are doing captive portal.

 - A captive portal certificate is also needed for ClearPass if you are doing Captive Portal on ClearPass. 

- You would also need a Radius Server Certificate for ClearPass to authenticate your enterprise users.

 

Your clients would have to trust all 3 certificates.  The third certificate would need to be trusted by your enterprise clients that do 802.1x, which is probably why you are having problems with Windows Clients.

 

For in depth info, please see the certificates 101 Technote here:  https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=33288


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Contributor I

Re: Certificate Requirements for Aruba AP Deployment

Thanks for the swift reply!

 

So my current Clearpass deployment already has a RADIUS and HTTPS cert, as well as a cert for the guest portal. From what you are saying, I am just missing the one on the MM and controller correct?

 

Do Windows clients usually not like the default cert on the MM/controller?

Highlighted
Guru Elite

Re: Certificate Requirements for Aruba AP Deployment

The Certificates on the Controller and ClearPass are all self-signed and no clients would trust them.  If this is a proof of concept, it is fine.  In production, you would need certificates that your clients trust and it should be seamless.

 

EDIT.  The Captive Portal and Https certificate are the same thing on ClearPass.

 


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Video Knowledge Base
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Contributor I

Re: Certificate Requirements for Aruba AP Deployment

I see what you are saying. But we've had Clearpass in production for about a year now and it has all the certs it needs. Shouldn't that be enough as it is handling the auth piece? Without adding a cert to the controller or MM?

 

Unless the supplicant is as looking to the controller for a cert?

Highlighted
Moderator

Re: Certificate Requirements for Aruba AP Deployment

Which authentication method is being used in this scenario?


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
Contributor I

Re: Certificate Requirements for Aruba AP Deployment

We are using EAP-PEAP, EAP-MSCHAPv2

 

My windows devices are configured via GPO to connect to the SSID however. And to use that auth method.

Highlighted
Moderator

Re: Certificate Requirements for Aruba AP Deployment

The EAP server certificate of ClearPass will be used for this workflow.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
Contributor I

Re: Certificate Requirements for Aruba AP Deployment

So I am not missing anything, and am good with the out of the box certs on the MM and controller?

 

Any idea on what the cause of my Windows clients not wanting jump onto the Aruba APs that are broadcasting the same SSID as my Cisco setup?

Highlighted
Moderator

Re: Certificate Requirements for Aruba AP Deployment

If you’re not doing captive portal, you don’t need any certificates on the controller.

There are dozens of potential reasons. I would start with a packet capture.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: