Mapping Instant AP Certificates
When an Instant AP joins a group that does not have a certificate, the Instant AP's existing certificate is retained. When an Instant AP joins a group that already has a certificate, the Instant AP's certificate is overwritten by the group certificate.
To map an Instant AP certificate name to a specific certificate type or category, complete the following steps:
1. In the app, set the filter to a group that contains at least one AP.
The dashboard context for the group is displayed.
2. Under , click > .
A list of access points is displayed in the view.
3. Click the icon.
The tabs to configure the access points are displayed.
4. Click , and click the tab.
The Security details page is displayed.
5. Click the accordion.
6. To map a certificate, for each usage type under , select the suitable certificate from the drop-down list:
—To verify the identity of a client.
—To verify the identity of the server to a client.
—To verify the identity of internal captive portalA captive portal is a web page that allows the users to authenticate and sign in before connecting to a public-access network. Captive portals are typically used by business centers, airports, hotel lobbies, coffee shops, and other venues that offer free Wi-Fi hotspots for the guest users. server.
—To verify the identity of the TLSTransport Layer Security. TLS is a cryptographic protocol that provides communication security over the Internet. TLS encrypts the segments of network connections above the Transport Layer by using asymmetric cryptography for key exchange, symmetric encryption for privacy, and message authentication codes for message integrity. server.
—To verify the authentication between the Instant AP and the TLS server.
—To verify the identity of the clearpass server.
7. Click .
To enable certificates for the , contact the Aruba Central support team.
