Certificate and RADIUS authentication

  • Question
  • Updated 5 years ago
  • Answered
Hi,

We're a private school and would like to integrate wireless access with students' BYOD devices. Right now we have an Aerohive AP that is the RADIUS server, and we have a certificate from GoDaddy.
BYOD clients get security warnings on their devices, which may cause users to stop verifying certificates altogether.
Is there any way around this warning (certificate is not valid) once a client tries to authenticate?

HiveManager version is: 6.0r2a

Thanks

Dj

Posted 5 years ago

Rusty Wyatt, Technical Support Engineer

DJ,

It sounds like your GoDaddy certificate chain is not complete and it is breaking the device's validation of the certificate. Given you have a GoDaddy certificate, you likely are missing the Intermediate CA certificate that signed your server certificate.

Create a new GoDaddy CA certificate by opening both the root CA certificate and the appropriate Intermediate CA certificate in a text editor. Copy and paste one certificate's text content into the bottom of the other file. This new file will include both the Root and Intermediate CA certificates. Save this file with a different filename (something descriptive) and import it into your HiveManager in the certificate store. Configure your RADIUS configuration to use this new CA certificate along with your previously defined server certificate and key.

When this is done correctly, iOS devices should see this certificate without issue. Windows machines will likely continue to show a certificate warning as the machine's NTAuth store has to be updated to include the GoDaddy CA as a valid signer of RADIUS certificates.

-Rusty
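
Added example, not part of the original thread or of Aerohive's tooling: a Python check that a CA bundle built as described above links the server certificate to a self-issued root by issuer and subject name. The certificate names and the `fake_cert` helper are constructed for illustration, and the check compares names only; it does not verify signatures or expiry.

```python
import base64, re

PEM = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def names(der):
    """Return (issuer, subject) of one certificate as raw DER Name bytes."""
    _, pos, _ = tlv(der, 0)                 # Certificate
    _, pos, _ = tlv(der, pos)               # tbsCertificate
    tag, _, end = tlv(der, pos)
    pos = end if tag == 0xA0 else pos       # skip the optional [0] version field
    fields = []
    for _ in range(5):                      # serial, sigAlg, issuer, validity, subject
        end = tlv(der, pos)[2]
        fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def chain_status(server_pem, bundle_pem):
    """Follow issuer names from the server cert through the bundle; return (reaches_root, hops)."""
    issuer_of = {s: i for i, s in (names(base64.b64decode(b)) for b in PEM.findall(bundle_pem))}
    issuer, subject = names(base64.b64decode(PEM.findall(server_pem)[0]))
    hops = 0
    while issuer != subject and hops <= len(issuer_of):
        if issuer not in issuer_of:
            return False, hops              # bundle lacks the CA that issued this certificate
        subject, issuer = issuer, issuer_of[issuer]
        hops += 1
    return issuer == subject, hops

# Constructed sample data: skeletal DER with only the fields read above, not real certificates.
def _der(tag, body):
    return bytes([tag, len(body)]) + body

def fake_cert(issuer_cn, subject_cn):
    name = lambda cn: _der(0x30, _der(0x0C, cn.encode()))
    tbs = _der(0x02, b"\x01") + _der(0x30, b"") + name(issuer_cn) + _der(0x30, b"") + name(subject_cn)
    body = base64.encodebytes(_der(0x30, _der(0x30, tbs))).decode()
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"

ROOT = fake_cert("Example Root CA", "Example Root CA")
INTERMEDIATE = fake_cert("Example Root CA", "Example Intermediate CA")
SERVER = fake_cert("Example Intermediate CA", "radius.example.test")
```

With real files, pass the PEM text of the server certificate and of the combined bundle to `chain_status`; a result of `(False, 0)` means the CA that issued the server certificate is absent from the bundle.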

Dj

Hi Rusty,

We just tried this and iOS devices still get a certificate warning.

Dj

Rusty Wyatt, Technical Support Engineer

Dj,

When you receive this certificate acceptance on the iOS device, does the device tell you why the certificate failed? Let's just make sure we're not tracking down the wrong potential problem with the certificate. The certificate failure will usually occur because of one of the following:

- Untrusted CA
- Expired Certificate
- Common Name / hostname mismatch

-Rusty

Dj

Rusty,

iOS devices get a warning to view and trust the GoDaddy certificate, and Windows 7 clients get: "Go Daddy Class 2 Certification Authority is not configured as a valid trust anchor for this profile."

Dj

Rusty Wyatt, Technical Support Engineer

Dj,

Your Windows 7 client experience will likely remain. See the Microsoft KB article on this issue:

http://support.microsoft.com/kb/2518158

Making the iOS clients connect without interruption should be possible; however, it may be worthwhile to continue troubleshooting this by opening a support case on this issue. If that is something you desire to explore, please contact the support group at 866-365-9918.

-Rusty