
Hi, I've tried searching for this already, but can anyone point me in the direction of any guides for deploying an SSID within HMNG that uses certificate-based authentication?

tony_mitchell
New Contributor

In particular, I'm looking for a use case where I want to use a generic certificate across multiple mobile devices which enables them to seamlessly connect to a WiFi network. I don't want to generate or require each unique user to have a certificate, just the device. Thanks in advance.

3 REPLIES

samantha_lynn
Esteemed Contributor III

It is possible to have certificate-only authentication, but for that to work each client would need their own unique certificate, rather than the same certificate installed on each device. Does that sound like something you'd want to pursue?

tony_mitchell
New Contributor

Hi Sam, Many thanks for responding and for the guidance. I've set this up and have it working with a Local Database. When I join the network, I'm prompted for a username & password, then have to accept/install the certificate. Once done, I'm connected and everything works fine.

However, whilst this may turn out to be a workable solution for us, I'm wondering if it's possible to make this even easier for our users. Ideally, I'd like the SSID to use 802.1X (as per your suggested configuration), but when a user taps on the SSID to join the network, all the AP needs to authenticate is a certificate that we'll pre-deploy on the mobile/cell (iPhone) using our MDM solution. So, basically the same as you've detailed above, but without requiring a username & password. Is that possible?

Many thanks, Tony

samantha_lynn
Esteemed Contributor III

You'll want to follow this guide for the most part, to set up a Radius server on an AP (which can be using an external AD you've already set up, or an internal user database hosted in the HiveManager): https://thehivecommunity.aerohive.com/s/article/Radius-SSID-in-NG

When you reach the part where you are configuring the AAA Server Profile, you'll want to open the Security Options tab:

Here you can upload the certificate that the clients need to match, and set the Radius server to check for the certificate during authentication (TLS authentication).
