cancel
Showing results for 
Search instead for 
Did you mean: 

dot1x: common name for radius certificate

ebi
New Contributor II

hello,

in order to autenticate users with dot1x I need to install a ssl certificate on the radius server;

is there a best practices about the common name, expiration time and signing CA to use for the certificate in order to have as much compatibility as possibile?

(user devices will not be on my control, nor joined to a AD, so I will not have the possibility to configure system trust on a specific certificate or CA).

5 REPLIES 5

bruno_andrade
RUCKUS Team Member

Hello, you will need to configure your devices supplicant, so yes, the first time you will have to manually check to trust the CA.

The idea of ​​using a public certificate is that you don't need to install the CA certificate on the device as it already has some public CA installed.

The common name of the certificate doesn't matter in this case (but don't use a wildcard certificate, as explained before), on most radius server you can only have one certificate for Radius and this works for any SSID (and also for wired auth).

If you are looking for a way to make it easier for your users you might want to check out the CloudPath solution, with CP you can redirect your users to a portal to sign up without an IT specialist doing all the steps on all devices.

Bruno Andrade | Principal TSE Bulldog Americas | RCNA | CWNA | CWDP
Follow me on LinkedIn