02-13-2023 01:51 AM
Hello,
In order to authenticate users with dot1x I need to install an SSL certificate on the RADIUS server.
Are there best practices for the common name, expiration time and signing CA to use for the certificate in order to have as much compatibility as possible?
(User devices will not be under my control, nor joined to an AD, so I will not have the possibility to configure system trust on a specific certificate or CA.)
02-16-2023 11:38 AM
Hello, you will need to configure your devices' supplicant, so yes, the first time you will have to manually check to trust the CA.
The idea of using a public certificate is that you don't need to install the CA certificate on the device, as it already has some public CAs installed.
The common name of the certificate doesn't matter in this case (but don't use a wildcard certificate, as explained before). On most RADIUS servers you can only have one certificate for RADIUS, and this works for any SSID (and also for wired auth).
If you are looking for a way to make it easier for your users, you might want to check out the CloudPath solution. With CP you can redirect your users to a portal to sign up without an IT specialist doing all the steps on all devices.
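
As an added example (not part of either post), the script below checks a certificate before it is loaded on the RADIUS server: it fails on a wildcard in the CN or SAN, which the reply advises against, and warns when expiry is near. It assumes the `openssl` CLI and a PEM file; the file name and the 30-day default threshold are placeholders chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): pre-deployment checks for the
# certificate a RADIUS server will present during 802.1X/EAP.
# Assumes the openssl CLI is installed and the certificate is a PEM file.

# Print the subject CN and every DNS subjectAltName, one per line.
cert_names() {
    openssl x509 -in "$1" -noout -nameopt RFC2253 -subject \
        | sed -n 's/^subject= *//p' | tr ',' '\n' | sed -n 's/^CN=//p'
    openssl x509 -in "$1" -noout -text \
        | grep -o 'DNS:[^,[:space:]]*' | sed 's/^DNS://'
}

# Succeed if any CN/SAN entry is a wildcard (the reply advises against these).
has_wildcard() {
    cert_names "$1" | grep -q '\*'
}

# Succeed if the certificate expires within DAYS days (or already has).
expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Run both checks; return 0 only if the certificate passes.
# warn_days defaults to 30, an assumed threshold, not a value from the thread.
check_radius_cert() {
    local cert=$1 warn_days=${2:-30} rc=0
    if has_wildcard "$cert"; then
        echo "FAIL: wildcard name in CN or SAN"; rc=1
    fi
    if expires_within "$cert" "$warn_days"; then
        echo "WARN: expires within $warn_days days"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: $(cert_names "$cert" | sort -u | tr '\n' ' ')"
    fi
    return "$rc"
}

# Usage: ./check_radius_cert.sh server.pem [warn_days]
if [ "$#" -gt 0 ]; then check_radius_cert "$@"; fi
```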