Configure VIA for machine certificates only

Hi,

 

Could I use the VIA client with machine certificates only (no user certs) in the following setup:

 

1. Profile download with cert authentication - users pick the machine certificate

2. Enable domain pre connect

3. Then all future connections actually connect at pre login screen and users stay connected when logging in?


Accepted Solutions

Re: Configure VIA for machine certificates only

Hi Redford1980,

 

VIA is not able to do machine authentication. What we can do with VIA is to use certificates from the user certificate store and machine certificate store. The second one is mostly used for certificates with a CN like host\FQDN. But even if VIA is using those certificates, it will be a user-based authentication (username is host\fqdn) and not a machine-based one. Just to make this concept clear.

If you use preconnect, VIA selects the first available certificate from the machine store to create a new profile to connect during the login screen. After the user logs in, this session is torn down and the user session is built up. For that session, you can use the same certificate from the machine certificate store. 

 

I have created a post about VIA with TLS-based authentication and preconnect which explains this in more detail.

 

https://www.flomain.de/2020/06/aruba-via-vpn-with-ikev2/

 

BR

Florian


Visit our YouTube channel:
https://www.youtube.com/channel/UCFJCnuXFGfEbwEzfcgU_ERQ/featured
Please visit my personal blog as well:
https://www.flomain.de
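
An added example, not part of the reply above and not Aruba's code: because preconnect takes the first available certificate from the machine store, it helps to see which certificates in `Cert:\LocalMachine\My` are plausible candidates before enabling it. The filters used here (private key present, within validity, client-authentication EKU or no EKU restriction) are assumptions; the thread does not state how VIA decides which certificate is "first available".

```powershell
# Added example: list certificates in the local machine store that could be
# offered for a pre-logon VPN connection. The eligibility filters below are
# assumptions, not documented VIA behaviour.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth
$now = Get-Date

$candidates = foreach ($cert in Get-ChildItem -Path Cert:\LocalMachine\My) {
    # Collect the EKU OIDs; skip null entries so an absent extension yields an empty array
    $ekuOids = @($cert.EnhancedKeyUsageList |
        Where-Object { $_ } |
        ForEach-Object { $_.ObjectId })

    [pscustomobject]@{
        Subject       = $cert.Subject
        Issuer        = $cert.Issuer
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey
        InValidity    = ($cert.NotBefore -le $now -and $cert.NotAfter -ge $now)
        # No EKU extension means the certificate is not restricted to specific purposes
        ClientAuth    = ($ekuOids.Count -eq 0 -or $ekuOids -contains $clientAuthOid)
    }
}

$usable = @($candidates | Where-Object {
    $_.HasPrivateKey -and $_.InValidity -and $_.ClientAuth
})

$usable | Format-Table Subject, Issuer, NotAfter, Thumbprint -AutoSize

if ($usable.Count -eq 0) {
    Write-Warning 'No usable certificate found in the machine store.'
}
elseif ($usable.Count -gt 1) {
    # More than one candidate: the certificate picked at the login screen
    # may not be the one intended for the VPN.
    Write-Warning "$($usable.Count) usable certificates found; review which one should remain."
}
```

Run it in an elevated PowerShell session on the client so that every certificate in the machine store is visible.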



All Replies

Re: Configure VIA for machine certificates only

Anyone know if the above will work?


Re: Configure VIA for machine certificates only

Excellent explanation - many thanks 
