Solved

Aruba ClearPass

Posted on 2014-11-24
Last Modified: 2016-09-21
Hi Experts,

I have an Aruba ClearPass server that I am having a certificate problem with.  It will not allow users with Windows 8.1 devices to authenticate to the wireless network.

I found the following resolution but I am not sure how to accomplish this:

"You must deploy a private CA rather than obtain server certificates from a third party public CA. In addition, the certificate template that you use to issue the certificates must contain the RADIUS EKU extension. This extension is id-kp-eapOverLAN and the object identifier (OID) for this EKU is 1.3.6.1.5.5.7.3.14. This EKU extension can only be configured on a private CA and is used by Windows 8 to determine whether a private CA issued the certificate"

I created a new CSR from the ClearPass server and tried to sign it with our internal CA server, but the signing process failed with this error: "the certificate requested template does not have a valid extension".

Any thoughts on what I am doing wrong?

Thanks
0
Question by:Teavana
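
One way to confirm that a certificate issued by a private CA actually carries the id-kp-eapOverLAN EKU (OID 1.3.6.1.5.5.7.3.14) quoted in the question, as an added example that is not part of the original thread. It uses the OpenSSL command line rather than the Windows CA or ClearPass, and the CA name, host name and file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. DER encoding of OID 1.3.6.1.5.5.7.3.14 (tag 06, length 08),
# matched as bytes so the result does not depend on how OpenSSL names the OID.
EAP_OVER_LAN_DER=06082b0601050507030e

# Return 0 if the PEM certificate in $1 contains the id-kp-eapOverLAN OID.
has_eap_over_lan_eku() {
    openssl x509 -in "$1" -outform DER 2>/dev/null |
        od -An -v -tx1 | tr -d ' \n' | grep -q "$EAP_OVER_LAN_DER"
}

# In directory $1, build a throwaway private CA (constructed names) and sign
# one CSR twice: with-eku.pem has serverAuth + eapOverLAN, no-eku.pem has
# serverAuth only.
make_demo_certs() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Private CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null || return 1
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=clearpass.example.test" \
        -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null || return 1
    printf 'extendedKeyUsage = serverAuth, 1.3.6.1.5.5.7.3.14\n' > "$d/with-eku.cnf"
    printf 'extendedKeyUsage = serverAuth\n' > "$d/no-eku.cnf"
    for name in with-eku no-eku; do
        openssl x509 -req -in "$d/srv.csr" -days 1 \
            -CA "$d/ca.pem" -CAkey "$d/ca.key" -CAcreateserial \
            -extfile "$d/$name.cnf" -out "$d/$name.pem" 2>/dev/null || return 1
    done
}

# Issue both certificates in a temporary directory and report on each.
demo() {
    dir=$(mktemp -d) || return 1
    make_demo_certs "$dir" || { rm -rf "$dir"; return 1; }
    for name in with-eku no-eku; do
        if has_eap_over_lan_eku "$dir/$name.pem"; then
            echo "$name.pem: id-kp-eapOverLAN present"
        else
            echo "$name.pem: id-kp-eapOverLAN missing"
        fi
    done
    rm -rf "$dir"
}
demo
```

Running `has_eap_over_lan_eku` against the certificate exported from the RADIUS server shows whether the issuing template actually added the EKU.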
LVL 46

Expert Comment

by:Craig Beck
ID: 40464688
Try processing the CSR using the CertSrv website, instead of processing the file.  You may have to enable Web Enrolment on your CA server for this though.
0
 
LVL 1

Accepted Solution

by:
Teavana earned 0 total points
ID: 40464906
I created a CSR file on the local CA and signed it from the local ClearPass CA, and this resolved this item.

Thanks for your response.
0
 
LVL 1

Author Closing Comment

by:Teavana
ID: 40472364
Thanks
0
 

Expert Comment

by:Steve Bergholtz
ID: 41808539
Hi
Sorry to get in on this track but..
I am trying to add an EKU OID to my cert and match that string in ClearPass Policy. The string becomes 83 bits long, but when I check the auth request ClearPass seems to remove the last 3 bits in the OID, which means that it doesn't match the rule.
Is it a limit in CP to only support an 80-bit string, or can this be a bug?

/Regards
Steve
0
