Solved

Aruba ClearPass

Posted on 2014-11-24
4
296 Views
Last Modified: 2016-09-21
Hi Experts,

I have Aruba clearPass server that I am having a certificate problem with.  It will not allow users with Windows 8.1 devices to authenticate to the wireless network.

I found the following resoluction but I am not sure how to accomplish this:

" You must deploy a private CA rather than obtain server certificates from a third party public CA. In addition, the certificate template that you use to issue the certificates must contain the RADIUS EKU extension. This extension is id-kp-eapOverLAN and the object identifier (OID) for this EKU is 1.3.6.1.5.5.7.3.14. This EKU extension can only be configured on a private CA and is used by Windows 8 to determine whether a private CA issued the certificate"

I created a new CSR from the ClearPass server and tried to sign it with our internal CA server but signing process faile with this error " the certificate requested template does not have a valid extension.

Any thoughts and what I am doing wrong?

Thanks
0
Comment
Question by:Teavana
  • 2
4 Comments
 
LVL 45

Expert Comment

by:Craig Beck
ID: 40464688
Try processing the CSR using the CertSrv website, instead of processing the file.  You may have to enable Web Enrolment on your CA server for this though.
0
 
LVL 1

Accepted Solution

by:
Teavana earned 0 total points
ID: 40464906
I created a CSR file and on the local CA and signed it from the local ClearPass CA and this resolved this item.

Thanks for your response.
0
 
LVL 1

Author Closing Comment

by:Teavana
ID: 40472364
Thanks
0
 

Expert Comment

by:Steve Bergholtz
ID: 41808539
Hi
Sorry to get in on this track but..
I trying to add a EKU OID to my cert and match that string in Clearpass Policy, the string becomes 83bits long but when i check the auth request Clearpass seem to remove the last 3 bits in the oid wich make that it doesnt match the rule.
Is it a limit by CP to only support 80bit string or can this be a BUG?

/Regards
Steve
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
High collision on access points 1 104
D-link DWL-2600AP - Guest network 1 42
New modem? 4 60
iPad Won't Connect 16 42
Hopefully this article will help someone who's had the same issues I had. I have a Dell Wireless 1390 WLAN Mini-Card and Windows 7, and for the past couple of days I was beyond frustrated because my wireless laptop was not able to access the Inte…
Today sees the launch of a new case study, focusing on BYOD technologies we have been working with for some time now.  But with the advent of 802.11ac wireless technologies and the story behind our landmark developments, we would like to share this …
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now