EAP Authentication cert “communications certificate”

bwongtho — Fri, 09 Mar 2018 14:02:03 GMT

We currently use 2 different certs: one for the EAP Authentication portion and one for the portals and admin access. The portals/admin is our wild card cert and the EAP Authentication cert is a “communications certificate”. We used this when we were part of the 1.2 EFT. Since then, we’ve pretty much just focused on not changing anything because it was working.

Now, we’re just curious if we need to keep this the way it is. Our cert expires May 2019, so we’re trying to get ahead of the game so if we can change certs, let’s go ahead and do it.

I hope that makes sense and doesn’t come off as the ramblings of a decaffeinated lunatic.

Michael Yelverton

UNCW BA – ITS – Netcom

Network Analyst

Re: EAP Authentication cert “communications certificate”

dmh — Fri, 09 Mar 2018 14:19:32 GMT

In nearly all deployments I use the EAP certificate for EAP and admin access as it is also used for the distributed deployment communications and by using a public CA signed certificate for admin access each time it is renewed you will need to reinstall the certificate which causes a restart of the application on each node (ie an outage). Public CA signed certificates normally have a shorter validity than an internal enterprise CA signed certificate (which you can make very long when you deploy the enterprise CA) so this outage is likely to be required more regularly than using an enterprise CA certificate for admin.

Also, the enterprise computers will trust the enterprise CA certificate for admin as well as EAP so not produce a certificate warning.

If the admin certificate lifetime and renewal outage is not an issue for you then you could continue as you are now.

topic Re: EAP Authentication cert “communications certificate” in Network Access Control

EAP Authentication cert “communications certificate”

Re: EAP Authentication cert “communications certificate”