N

2 Messages

 • 

82 Points

Tue, May 18, 2021 9:02 AM

Trying to configure wifi authentication Radius by certificates

Hello !

I'm using Ruckus Virtual SmartZone essential 5.1

I'm trying to configure wifi authentification with my Radius. I would like set computer AND user authentication. 

I know it's not possible (i think it's not). So i have an idea

If it's possible, set user authentication, AND certificates authentication. The certificate must be deployed with GPO (by exemple) for every computer of my domain.

That's how i think remplace the computer authentication. If your computer are in my domain, you have the certificate on it AND be log with your AD account on the computer and the authentication is allowed.

If one of these conditions is missing, authentication failed

User authentication is ready but i'm lost with certificates... Can't import certificate, each time i try to import one (.pem or .cer) i have this message : FAIL: Can not get root CA info

I try to import them in System -> certificates -> SZ Trusted CA certificates/chain (external)

And i don't see something like 'certificate authentication' in authentication methods of my Wireless LANs. Maybe because i have no certificate for the moment.

Thanks for helping :)

Responses

Official Rep

 • 

1.2K Messages

 • 

16.6K Points

4 m ago

Hi Nicolle,

Please make sure TLS is enabled on AAA radius profile on SZ.

Also try to export he cert to .cer and upload again on controller Trusted CA cert store.

2 Messages

 • 

82 Points

Hi,

Thanks for your answer !

I searched where enable or disable the TLS and i found that, in :

Services & Profiles > Authentication > Proxy (SZ Authenticator) > Configure

I see some option about TLS, but on my controller i don't have it. The only one option i have is RFC 5580 Out Of Bank Location Delivery. I try to enable it even i think it's not about TLS and nothing happen.

Didn't find any option about TLS :/

I import a cert with success. I imported it in DER encoded binary, but he need to be in base-64 encoded if you want no error on the controller.

I import with success a cert, but I don't know if I get it. When the controller will receive an asking authentication from someone, he will check by himself if the client know the certificate ?

So no need to configure something else to check if client (phone or laptop through AP) know the cert and can have access to the network ?

(edited)

Important Announcement