Aruba ClearPass

Hi Experts,

I have Aruba clearPass server that I am having a certificate problem with.  It will not allow users with Windows 8.1 devices to authenticate to the wireless network.

I found the following resoluction but I am not sure how to accomplish this:

" You must deploy a private CA rather than obtain server certificates from a third party public CA. In addition, the certificate template that you use to issue the certificates must contain the RADIUS EKU extension. This extension is id-kp-eapOverLAN and the object identifier (OID) for this EKU is 1.3.6.1.5.5.7.3.14. This EKU extension can only be configured on a private CA and is used by Windows 8 to determine whether a private CA issued the certificate"

I created a new CSR from the ClearPass server and tried to sign it with our internal CA server but signing process faile with this error " the certificate requested template does not have a valid extension.

Any thoughts and what I am doing wrong?

Thanks
LVL 1
TeavanaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Craig BeckCommented:
Try processing the CSR using the CertSrv website, instead of processing the file.  You may have to enable Web Enrolment on your CA server for this though.
0
TeavanaAuthor Commented:
I created a CSR file and on the local CA and signed it from the local ClearPass CA and this resolved this item.

Thanks for your response.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
TeavanaAuthor Commented:
Thanks
0
Steve BergholtzCommented:
Hi
Sorry to get in on this track but..
I trying to add a EKU OID to my cert and match that string in Clearpass Policy, the string becomes 83bits long but when i check the auth request Clearpass seem to remove the last 3 bits in the oid wich make that it doesnt match the rule.
Is it a limit by CP to only support 80bit string or can this be a BUG?

/Regards
Steve
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Wireless Networking

From novice to tech pro — start learning today.