
Does CPPM support automatic revocation/deletion of certificates for inactive devices?

Environment: Customers implementing Onboarding using ClearPass Policy Manager

Answer: Starting with version 6.5, the Onboard module in ClearPass Guest has an option to revoke certificates for inactive devices after a specified amount of time. This option is disabled by default.

For this feature to work, Insight must be enabled on this node, because the feature relies on Insight data. The node must also be configured as the Insight Master.

To configure this feature, navigate to the following location in the ClearPass Guest GUI:

Onboard -> Deployment and Provisioning -> Provisioning Settings -> Select the provisioning settings profile and click "Edit" -> On the General tab, scroll down to "Actions" -> At "Revoke Inactive", check the box for "Revoke certificates for inactive devices" to automatically revoke a device's certificates after a period in which the device is not seen on the network.

Set the "Inactivity Period" in days based on your requirement. If a device does not authenticate on the network within this period, its certificate will be revoked.
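
Before enabling the option, it helps to estimate how many certificates a given "Inactivity Period" would revoke. The script below is an added example, not part of the original article or of ClearPass; the CSV layout, column names and function names are hypothetical, and the sample rows are constructed.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample rows in a hypothetical CSV layout (not a ClearPass export format).
SAMPLE_EXPORT = """device,cert_serial,last_auth_utc
laptop-01,1001,2015-03-30T08:15:00
phone-07,1002,2015-01-02T17:40:00
tablet-03,1003,
printer-02,1004,2015-03-05T23:59:00
"""

def preview_revocations(export_text, inactivity_days, now):
    """Sort devices into those that stay valid, those whose last
    authentication is older than the inactivity period, and those with
    no recorded authentication. The last group is only reported for
    manual review, because the article does not say how it is treated."""
    cutoff = now - timedelta(days=inactivity_days)
    result = {"keep": [], "would_revoke": [], "never_seen": []}
    for row in csv.DictReader(io.StringIO(export_text)):
        stamp = (row["last_auth_utc"] or "").strip()
        if not stamp:
            result["never_seen"].append(row["device"])
            continue
        last_auth = datetime.fromisoformat(stamp).replace(tzinfo=timezone.utc)
        bucket = "would_revoke" if last_auth < cutoff else "keep"
        result[bucket].append(row["device"])
    return result

def impact_by_period(export_text, now, candidates=(30, 60, 90, 120)):
    """Map each candidate period (days) to the number of devices whose
    certificates would be revoked, to compare settings side by side."""
    return {
        days: len(preview_revocations(export_text, days, now)["would_revoke"])
        for days in candidates
    }

if __name__ == "__main__":
    now = datetime(2015, 4, 5, 23, 35, tzinfo=timezone.utc)  # constructed "today"
    print(preview_revocations(SAMPLE_EXPORT, 30, now))
    print(impact_by_period(SAMPLE_EXPORT, now))
```
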



Version History
Revision #: 1 of 1
Last update: 04-05-2015 11:35 PM