08-06-2018 01:26 PM
How do I generate certificate requests for use in 802.1x authentication for the access points, as seen under Configuration -> Network Policy -> Additional Settings -> Secure Port Settings?
I tried to set them up with PEAP, but the radius server receives messages where the username is set to INVALID for some reason.
So either I have to figure out what causes that, or try to use certificates, which is the way I really want to go.
Thanks.
08-08-2018 03:25 PM
I'm sorry, I think there is some confusion on how these certs work. You would download the CSR from the HiveManager, import that into your CA, your CA signs it, and should give you three things: the CA cert file (this is the intermediate and root certs concatenated together), the server cert file (this is the one the CA signs), and the key file. All you would need to do from there is import these into the HiveManager; the HiveManager doesn't sign these again.
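An added example, not part of the original thread and not HiveManager or CA vendor code: a shell script that checks that the three files described above belong together before they are imported. The throwaway CA, the subject `ap.example.test` and all file names are constructed stand-ins for the real CA output and the HiveManager CSR.

```sh
#!/bin/sh
# Added example. The CA, subject names and file names are constructed stand-ins.
set -eu

# Build a throwaway CA, a key + CSR, and a certificate signed from that CSR in dir $1.
make_test_files() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=ap.example.test" \
    -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null
  openssl x509 -req -in "$1/server.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/server.pem" 2>/dev/null
}

# SHA-256 of the public key inside a certificate (x509), CSR (req) or private key (pkey).
pubkey_hash() {
  case $1 in
    x509) openssl x509 -in "$2" -noout -pubkey ;;
    req)  openssl req  -in "$2" -noout -pubkey ;;
    pkey) openssl pkey -in "$2" -pubout ;;
  esac | openssl sha256 | awk '{print $NF}'
}

# check_bundle CA_FILE CERT_FILE KEY_FILE CSR_FILE
# Returns 0 and prints "ok" only if the chain verifies and all three carry the same key.
check_bundle() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 ||
    { echo "certificate does not chain to CA file"; return 1; }
  cert_hash=$(pubkey_hash x509 "$2")
  [ "$cert_hash" = "$(pubkey_hash pkey "$3")" ] ||
    { echo "key file does not match certificate"; return 2; }
  [ "$cert_hash" = "$(pubkey_hash req "$4")" ] ||
    { echo "certificate was not issued from this CSR"; return 3; }
  echo "ok"
}

# Demo run on the constructed files.
demo_dir=$(mktemp -d)
make_test_files "$demo_dir"
check_bundle "$demo_dir/ca.pem" "$demo_dir/server.pem" \
  "$demo_dir/server.key" "$demo_dir/server.csr"
```

A non-zero return from `check_bundle` identifies which file is the odd one out: 1 for the CA file, 2 for the key file, 3 for the CSR.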
08-16-2018 07:33 AM
I'm not sure you understand.
It is the access points I want authenticated against an 802.1x enabled switchport, not the clients connecting to the access points.
08-16-2018 12:56 AM
Since you mentioned Win2016, I'm assuming you're using AD and perhaps NPS to authenticate. Are your APs acting as a RADIUS server or client? In other words, have you configured them to link to AD or are they just passing the supplicant request to NPS for authentication?
If they are the server, you'll need the cert. If they are a client, NPS should be handling the certs and the APs just need to be registered clients in NPS.
08-15-2018 06:46 PM
Still puzzled why I can't get it to work with username / password / PEAP, though.
08-15-2018 06:45 PM
Thanks, I will start working on this now.
But our CA server (it's a Windows 2016 CA) has never given me a separate key file, so I have to figure out how to split the certificate it actually gives me.
And what certificate template should I use when signing the CSR?
Web server? Computer? User? There are a lot to choose from.
Thanks.