Aruba ClearPass

Hi Experts,

I have Aruba clearPass server that I am having a certificate problem with.  It will not allow users with Windows 8.1 devices to authenticate to the wireless network.

I found the following resoluction but I am not sure how to accomplish this:

" You must deploy a private CA rather than obtain server certificates from a third party public CA. In addition, the certificate template that you use to issue the certificates must contain the RADIUS EKU extension. This extension is id-kp-eapOverLAN and the object identifier (OID) for this EKU is 1.3.6.1.5.5.7.3.14. This EKU extension can only be configured on a private CA and is used by Windows 8 to determine whether a private CA issued the certificate"

I created a new CSR from the ClearPass server and tried to sign it with our internal CA server but signing process faile with this error " the certificate requested template does not have a valid extension.

Any thoughts and what I am doing wrong?

Thanks
LVL 1
TeavanaAsked:
Who is Participating?
 
TeavanaConnect With a Mentor Author Commented:
I created a CSR file and on the local CA and signed it from the local ClearPass CA and this resolved this item.

Thanks for your response.
0
 
Craig BeckCommented:
Try processing the CSR using the CertSrv website, instead of processing the file.  You may have to enable Web Enrolment on your CA server for this though.
0
 
TeavanaAuthor Commented:
Thanks
0
 
Steve BergholtzCommented:
Hi
Sorry to get in on this track but..
I trying to add a EKU OID to my cert and match that string in Clearpass Policy, the string becomes 83bits long but when i check the auth request Clearpass seem to remove the last 3 bits in the oid wich make that it doesnt match the rule.
Is it a limit by CP to only support 80bit string or can this be a BUG?

/Regards
Steve
0
All Courses

From novice to tech pro — start learning today.