Wireless Access

Reply
Highlighted
Occasional Contributor II

Re: WPA2 Enterprise - MS Windows - Auto connect failing - Clearpass ROOT CA Sha1 issue?

Hi

 

Yes I was. In my case we originally used GoDaddy cert for root CA. We then changed to another certificate provided by CSC Corporate Domains and provider was (from memory) AddTrust... Root CA certificate. They cross sign the root ca certificate which was Sha1 with another providers  Sha2 certificate. Clearpass / windows OS requires a Sha2 CA directly / not to be cross signed. I woud think this is a rare situation. One year later when cert had expired I reverted back to much cheaper GoDaddy cert and all worked perfectly. So I believe this was the resolution and nothing to do with cached cert and changing the cert. back to original provider. Hope this helps.

Highlighted
Occasional Contributor II

Re: WPA2 Enterprise - MS Windows - Auto connect failing - Clearpass ROOT CA Sha1 issue?

Appreciate your response.

but in my cause we used internal CA for both case i.e sha1 and sha2 

all machines are not connecting to wifi automatically via GPO. All forums are pointing towards radius but for us clearpass is the radius server.

. i have been breaking my head for 1 week and not getting anyhwere.

where should i check for cross signed cert?

 

 

TAC are not being that helpful as well.

Any other recommendation you have i can check

Highlighted
Guru Elite

Re: WPA2 Enterprise - MS Windows - Auto connect failing - Clearpass ROOT CA Sha1 issue?

Did you look in the event viewer on the radius server to understand what the problem is?

 

Many, many organizations do this every day..


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Occasional Contributor II

Re: WPA2 Enterprise - MS Windows - Auto connect failing - Clearpass ROOT CA Sha1 issue?

my radius server is the clearpass server.

should i still be checking?

Highlighted
Guru Elite

Re: WPA2 Enterprise - MS Windows - Auto connect failing - Clearpass ROOT CA Sha1 issue?

Yes.  What is the error in the access tracker?


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Highlighted
Occasional Contributor II

Re: WPA2 Enterprise - MS Windows - Auto connect failing - Clearpass ROOT CA Sha1 issue?

the current issue is the machine no automatically connecting to clearpass.

i have to manually click connect.

on the client machine its pointing towards certificate thumbprint which doesnt exist anywhere.

 

clearpass happily accepts once i hit connect manually.

but this only started happening once we changed the cert on clearpass from SHA1 to SHA2 hence picking your brain

Highlighted
Guru Elite

Re: WPA2 Enterprise - MS Windows - Auto connect failing - Clearpass ROOT CA Sha1 issue?

Does the client trust the new certificate?  


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.5 User Guide
InstantOS 8.5 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Remote Access Point Solution Guide
ArubaOS Consolidated Release Notes
ArubaOS 8 ViA VPN Solution Guide
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: