cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
300
Views
20
Helpful
4
Replies
jspobuk
Beginner

Machine Certificate + VWLC + RADIUS

Hello, 

Looking for a very high level explanation.  I am trying to accomplish:

Tablet wirelessly connecting to existing RADIUS through VWLC

 

I need the certificate to be machine based, not user based.  I think.  I know the tablet needs to connect automatically without prompting for a user name and password. 

 

I am using WPA2 Enterprise Security

 

I am looking for direction on how to generate the necessary certificates so that the tablet is authenticated by the RADIUS server when connected.  

 

What certificate template do I use?

 

Do I generate the certificates through the VWLC? 

 

Where do I store the certificates?  Does it have to be on VWLC and tablet?  Or just tablet?

 

Thank you, 

John

 

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
ammahend
Rising star

as others mentioned you need a PKI infrastructure. 
What certificate template do I use?
workstation authentication template, when you go to manage template

 

Do I generate the certificates through the VWLC? 

No, vWLC is not a certificate authority. 

 

Where do I store the certificates?  Does it have to be on VWLC and tablet?  Or just tablet?

the client cert will be stored on client machine, server certificate will be on your Radius server, they both also need certificate authority root certificate to trust each other. 

See this video it might help.

https://youtu.be/SgAjEuCAFzE


Hope this helps

-Rate helpful posts-

View solution in original post

4 REPLIES 4
johnd2310
Collaborator

HI,

What radius server are you using, Cisco ISE or  Microsoft NPS?

The following doc should explain certificate  based authentication and how to configure it.

 

https://www.cisco.com/c/en/us/support/docs/wireless-mobility/wireless-lan-wlan/213543-configure-eap-tls-flow-with-ise.html

 

Thanks

John

**Please rate posts you find helpful**

Thank you for the quick response. We are using Microsoft NPS.

Hi,

You will need to configure your Microsoft infrastructure to support certificate  authentication. Check the following docs:

https://docs.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/deploy-server-certificates-for-802.1x-wired-and-wireless-deployments

 

Use the doc i previously attached for the cisco Wireless controller configuration.

 

Thanks

John

**Please rate posts you find helpful**
ammahend
Rising star

as others mentioned you need a PKI infrastructure. 
What certificate template do I use?
workstation authentication template, when you go to manage template

 

Do I generate the certificates through the VWLC? 

No, vWLC is not a certificate authority. 

 

Where do I store the certificates?  Does it have to be on VWLC and tablet?  Or just tablet?

the client cert will be stored on client machine, server certificate will be on your Radius server, they both also need certificate authority root certificate to trust each other. 

See this video it might help.

https://youtu.be/SgAjEuCAFzE


Hope this helps

-Rate helpful posts-
Create
Recognize Your Peers
Content for Community-Ad