Question

XCA with Client Cert Auth using Windows NPS / RADIUS

  • 2 July 2020
  • 3 replies
  • 101 views

Trying to figure out how to get an SSID to use client based certificates that are on laptops which are domain joined.  We are able to connect to the wlan using ldap creds with no issue, but cannot seem to figure out how to configure the XCA to use machine certificates.

 

We were able to get this running on the older Extreme Wireless IdentiFi controller but cannot seem to locate what’s missing on the XCA.

Thanks


3 replies

If you deploy a certificate-based authentication method, such as Extensible Authentication Protocol-Transport Layer Security (EAP-TLS), Protected Extensible Authentication Protocol-Transport Layer Security (PEAP-TLS), and PEAP-Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2), you must enroll a server certificate to all of your NPSs.

Userlevel 7
Badge +1

Hello,

 

the deployment guide will point you in the right direction:

https://documentation.extremenetworks.com/Extreme%20Campus%20Controller/v5.26/Extreme%20Campus%20Controller_v5.26.01_Deployment_Guide.pdf?_ga=2.200615214.1024296682.1615704791-909863248.1613982828

If you deploy a certificate-based authentication method, such as Extensible Authentication Protocol-Transport Layer Security (EAP-TLS), Protected Extensible Authentication Protocol-Transport Layer Security (PEAP-TLS), and PEAP-Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2), you must enroll a server certificate to all of your NPSs.

 

krogereschedule

Reply