Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

VIA Certificate Installation

  • 1.  VIA Certificate Installation

    Posted 10 days ago

    I have a question about certificates for VIA.  My customer would like to get started using VIA, but we are a bit confused on what type of certificates to create and upload for VIA implementation.  

    This is the information that I gave the customer:

    We need two certificates to upload into the controller group on Aruba Central. 

     The VPNCs should have a server certificate signed by a CA that is trusted by the client devices to identify itself.  

     We also need a server certificate installed on the RADIUS server to terminate VIA clients' EAP authentication.

    This is the question the customer came back with:

    Would two wildcard certs from our CA e.g. *.bordnamoan.com be sufficient or would you like it linked directly to the VPNC's/Radius server DNS? What format do you require the certs to be in and is a user/password required? 

    Any assistance appreciated.



  • 2.  RE: VIA Certificate Installation

    Posted 10 days ago

    No, wildcard certificates should be used for EAP.  You should use a single cert per ClearPass node or a multi-SAN certificate with each of the ClearPass names/IPs in the SAN Field.




  • 3.  RE: VIA Certificate Installation

    EMPLOYEE
    Posted 4 days ago

    ... wildcard certificates should NOT be used for EAP...; or no wildcard certificates should be used for EAP. The recommendation builds on that and is what I would do as well.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 4.  RE: VIA Certificate Installation

    Posted 4 days ago
    Whoops typo… yes wildcard should NOT be used for EAP
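
The recommendation in this thread (no wildcard names on the EAP server certificate; each ClearPass node name in the SAN field) can be checked before a certificate is uploaded. The script below is an added example, not part of any post in the thread or of Aruba's tooling: it assumes OpenSSL 1.1.1 or later, and the host names and self-signed test certificates are constructed stand-ins for CA-issued ones.

```shell
#!/bin/sh
# Added example. Host names are constructed; the self-signed certs stand in
# for certificates issued by the customer's CA.

# make_cert BASENAME NAME... : test cert, CN = first NAME, all NAMEs as SAN DNS
make_cert() {
  out=$1; shift
  san=""
  for n in "$@"; do san="${san:+$san,}DNS:$n"; done
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -addext "subjectAltName=$san" -addext "extendedKeyUsage=serverAuth" \
    -keyout "$out.key" -out "$out.pem" 2>/dev/null
}

# cert_cn CERT : print the subject commonName
cert_cn() {
  openssl x509 -in "$1" -noout -subject -nameopt multiline |
    sed -n 's/^ *commonName *= *//p'
}

# cert_sans CERT : print each SAN DNS name or IP address, one per line
cert_sans() {
  openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
    tr ',' '\n' | sed -n -e 's/^ *DNS://p' -e 's/^ *IP Address://p'
}

# check_eap_cert CERT NODE... : 0 = ok, 1 = wildcard present, 2 = node missing
check_eap_cert() {
  cert=$1; shift
  sans=$(cert_sans "$cert")
  names="$(cert_cn "$cert") $sans"
  case "$names" in
    *'*'*) echo "FAIL: wildcard name in $cert"; return 1 ;;
  esac
  for node in "$@"; do
    printf '%s\n' "$sans" | grep -Fxq "$node" ||
      { echo "FAIL: $node not in SAN of $cert"; return 2; }
  done
  echo "OK: $cert"
}

# Demo on constructed certs: a multi-SAN cert passes, a wildcard cert fails.
tmp=$(mktemp -d)
make_cert "$tmp/multi" cppm1.example.com cppm2.example.com
make_cert "$tmp/wild" '*.example.com'
check_eap_cert "$tmp/multi.pem" cppm1.example.com cppm2.example.com
check_eap_cert "$tmp/wild.pem" cppm1.example.com || true
```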