Wireless Access

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Configure VIA for machine certificates only

  • 1.  Configure VIA for machine certificates only

    Posted Jul 25, 2020 02:18 PM

    Hi,

     

    Could I use the VIA client with machine certificates only (no user certs) in the following setup:

     

    1. Profile download with cert authentication - users pick the machine certificate

    2. Enable domain pre connect

    3. Then all future connections actually connect at pre login screen and users stay connected when logging in?



  • 2.  RE: Configure VIA for machine certificates only

    Posted Jul 31, 2020 04:54 PM

    Anyone know if the above will work?



  • 3.  RE: Configure VIA for machine certificates only
    Best Answer

    EMPLOYEE
    Posted Sep 16, 2020 12:46 AM

    Hi Redford1980,

     

    VIA is not able to do machine authentication. What we can do with VIA is to use certificates from the user certificate store and machine certificate store. The second one is mostly used for certificates with a CN like host\FQDN. But even if VIA is using those certificates, it will be a user-based authentication (username is host\fqdn) and not machine-based. Just to make this concept clear.

    If you use preconnect, VIA selects the first available certificate from the machine store to create a new profile to connect during the login screen. After the user logs in, this session is torn down and the user session is built up. For that session, you can use the same certificate from the machine certificate store. 

     

    I have created a post about VIA with TLS-based authentication and preconnect which explains this in more detail.

     

    https://www.flomain.de/2020/06/aruba-via-vpn-with-ikev2/

     

    BR

    Florian
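
The answer above says preconnect takes the first available certificate from the machine store, so it helps to know how many certificates on a client could be picked. The following PowerShell check is an added example, not part of the original post and not Aruba tooling. It assumes a usable candidate is one with a private key, inside its validity period, and with either no EKU restriction or the Client Authentication EKU; it does not predict which certificate VIA will pick.

```powershell
# Added example: inventory the local machine certificate store for
# certificates that could be used for a pre-logon VPN connection.
# Assumption (not from the post): a candidate has a private key, is currently
# valid, and is either unrestricted or allows Client Authentication.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth
$now = Get-Date

$candidates = @(Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {
    # Collect the EKU OIDs; an empty list means the certificate is unrestricted.
    $ekus = @($_.EnhancedKeyUsageList | Where-Object { $_ } |
              ForEach-Object { $_.ObjectId })
    $_.HasPrivateKey -and
    $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
    ($ekus.Count -eq 0 -or $ekus -contains $clientAuthOid)
})

# Show what was found, soonest expiry first.
$candidates | Sort-Object NotAfter |
    Select-Object Subject, Issuer, Thumbprint, NotAfter,
        @{ Name = 'DaysLeft'; Expression = { [int]($_.NotAfter - $now).TotalDays } } |
    Format-Table -AutoSize

if ($candidates.Count -eq 0) {
    Write-Warning 'No usable certificate in Cert:\LocalMachine\My; preconnect has nothing to present.'
}
elseif ($candidates.Count -gt 1) {
    # The post states the first available certificate is used, so several
    # candidates mean the one presented may not be the one you intended.
    Write-Warning "$($candidates.Count) candidate certificates found; review which ones should remain in the machine store."
}
```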



  • 4.  RE: Configure VIA for machine certificates only

    Posted Sep 16, 2020 12:56 AM

    Excellent explanation - many thanks