
How to generate certificates for 802.1x authentication for the access points? Thanks.

dal
New Contributor II

How do I generate certificate requests for use in 802.1x authentication for the access points, as seen under Configuration -> Network Policy -> Additional Settings -> Secure Port Settings?

I tried to set them up with PEAP, but the RADIUS server receives messages where the username is set to INVALID for some reason.

So either I have to figure out what causes that, or try to use certificates, which is the way I really want to go.

Thanks.

1 ACCEPTED SOLUTION

samantha_lynn
Esteemed Contributor III

I'm sorry, I think there is some confusion on how these certs work. You would download the CSR from the HiveManager, import that into your CA, your CA signs it, and should give you three things: the CA cert file (this is the intermediate and root certs concatenated together), the server cert file (this is the one the CA signs), and the key file. All you would need to do from there is import these into the HiveManager; the HiveManager doesn't sign these again.
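A pre-import consistency check for the three files named in the reply above, as an added example that is not part of the original thread or of HiveManager. It assumes PEM-encoded files and the `openssl` CLI; the file names and the throwaway two-tier demo CA are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm the CA file, server cert and key file agree before import.
# Assumes PEM files and the openssl CLI; every file name below is constructed.

# True when the private key's public half equals the certificate's public key.
key_matches_cert() {  # usage: key_matches_cert <cert.pem> <key.pem>
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ "$cert_pub" = "$key_pub" ]
}

# True when the cert chains to the CA file (intermediate + root concatenated).
chain_verifies() {  # usage: chain_verifies <ca-chain.pem> <cert.pem>
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

preflight() {  # usage: preflight <ca-chain.pem> <server.pem> <server.key>
  key_matches_cert "$2" "$3" || { echo "key does not match certificate"; return 1; }
  chain_verifies "$1" "$2" || { echo "certificate does not chain to CA file"; return 1; }
  echo "ok: files are consistent"
}

# Constructed lab material: root -> intermediate -> server cert, plus an unrelated key.
make_demo_files() {  # usage: make_demo_files <dir>
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Root" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Intermediate" \
    -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=ap-demo" \
    -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
  openssl x509 -req -in "$d/server.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/server.pem" 2>/dev/null
  cat "$d/int.pem" "$d/root.pem" > "$d/ca-chain.pem"
  openssl genrsa -out "$d/other.key" 2048 2>/dev/null
}

demo=$(mktemp -d)
make_demo_files "$demo"
preflight "$demo/ca-chain.pem" "$demo/server.pem" "$demo/server.key"
rm -rf "$demo"
```

Against real files, call `preflight` with the paths of the CA file, server cert and key file; a CA file that holds only the root fails the chain check when the server cert was issued by an intermediate.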


14 REPLIES

dal
New Contributor II

I'm not sure you understand.

It is the access points I want authenticated against an 802.1x-enabled switchport, not the clients connecting to the access points.

bruce_stahlin
Contributor III

Since you mentioned Win2016, I'm assuming you're using AD and perhaps NPS to authenticate. Are your APs acting as a RADIUS server or client? In other words, have you configured them to link to AD or are they just passing the supplicant request to NPS for authentication?

If they are the server, you'll need the cert. If they are a client, NPS should be handling the certs and the APs just need to be registered clients in NPS.

dal
New Contributor II

Still puzzled why I can't get it to work with username / password / PEAP, though.

dal
New Contributor II

Thanks, I will start working on this now.

But our CA server (it's a Windows 2016 CA) has never given me a separate key file, so I have to figure out how to split the certificate it actually gives me.

And what certificate template should I use when signing the CSR?

Web server? Computer? User? There are a lot to choose from 🙂

Thanks.
