AAA, NAC, Guest Access & BYOD

 View Only
last person joined: one year ago 

Solutions for legacy and existing products and solutions, including Clearpass, CPPM, OnBoard, OnGuard, Guest, QuickConnect, AirGroup, and Introspect
Back to Library

Understanding "Key Type" option in the Provisioning Settings. 

Sep 01, 2016 01:08 PM

Q:

What is the difference between the Key Type "created by device" and "created by server" in the ClearPass OnBoard >> Provisioning Settings.

 

 



A:

The option "created by device" will use SCEP to provision the EAP-TLS client certificate. The certificate signing request will be generated in the device and get it signed against OnBoard CA , so the private key is known only to the device. When you use the option"created by device", re-provisioning a client will generate new certificate every time.

 

When you select the option "created by server", the ClearPass server itself will generate and sign the EAP-TLS client certificate and install it on the device during the provisioning process. Re-provisioning a client will re-use the existing client certificate of the same user/device, if the existing certificate expiration is more than 25% of its lifetime.

 

 

Statistics
0 Favorited
1 Views
0 Files
0 Shares
0 Downloads

Related Entries and Links

No Related Resource entered.