03-09-2018 06:02 AM
We currently use 2 different certs: one for the EAP Authentication portion and one for the portals and admin access. The portals/admin is our wildcard cert and the EAP Authentication cert is a “communications certificate”. We used this when we were part of the 1.2 EFT. Since then, we’ve pretty much just focused on not changing anything because it was working.
Now, we’re just curious if we need to keep this the way it is. Our cert expires May 2019, so we’re trying to get ahead of the game so if we can change certs, let’s go ahead and do it.
I hope that makes sense and doesn’t come off as the ramblings of a decaffeinated lunatic.
Michael Yelverton
UNCW BA – ITS – Netcom
Network Analyst
03-09-2018 06:19 AM
In nearly all deployments I use the EAP certificate for EAP and admin access, as it is also used for the distributed deployment communications, and by using a public CA-signed certificate for admin access, each time it is renewed you will need to reinstall the certificate, which causes a restart of the application on each node (i.e. an outage). Public CA-signed certificates normally have a shorter validity than an internal enterprise CA-signed certificate (which you can make very long when you deploy the enterprise CA), so this outage is likely to be required more regularly than when using an enterprise CA certificate for admin.
Also, the enterprise computers will trust the enterprise CA certificate for admin as well as EAP, so will not produce a certificate warning.
If the admin certificate lifetime and renewal outage are not an issue for you, then you could continue as you are now.