Wifi authentication via certificate


#1

Hi,

in our enterprise (AW 9.2.1 on-prem ) , for security reasons, we would like to start deploying a wifi network with certificate authentication.
I’ve no experience with certificate authentication. I red that this is possible using a private CA that generates a client certificate for every device enrolled, and the device offers the certificate to the AP during the authentication.

We have an internal Microsoft CA and an Aruba managed AP system.

Could anyone write the major steps to setup a wifi authentication via certificate? Any guide or documentation that can help?

Or any (good or bad) feedback about certificate wifi authentication

Really thank you in advance
Giorgio


#2

Giorgio
This is really easy to do.

  1. need an ACC (enterprise system connector) in the same domain as the CA as it uses dcom to talk.
  2. on the CA set up a template to be called by AW
  3. In AW go to settings-system-enterprise integration-certificate authorities and add your CA in there
  4. Under the Request templates create the CSR using the name of the template you created on the CA
  5. create a WiFi profile ADD Credentials first, select credential source as your defined CA add other fields as appropriate
  6. add the wifi part of the profile and select wpa/wpa2 enterprise and select certificate # 1

and that’s it really, the tricky bit is creating the cert template and CSR to match what your WiFi wants

Cheers
Mike