AAA, NAC, Guest Access & BYOD

Understanding "Key Type" option in the Provisioning Settings.

Aruba Employee
Q:

What is the difference between the Key Type options "created by device" and "created by server" in ClearPass OnBoard >> Provisioning Settings?

 

 



A:

The option "created by device" uses SCEP to provision the EAP-TLS client certificate. The certificate signing request is generated on the device and signed by the OnBoard CA, so the private key is known only to the device. When you use the option "created by device", re-provisioning a client generates a new certificate every time.

 

When you select the option "created by server", the ClearPass server itself generates and signs the EAP-TLS client certificate and installs it on the device during the provisioning process. Re-provisioning a client re-uses the existing client certificate of the same user/device if the time remaining until that certificate expires is more than 25% of its lifetime.
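The difference in key custody between the two options can be reproduced with plain OpenSSL. This is an added example, not ClearPass code or output: a throwaway local CA stands in for the OnBoard CA, the CSR signing step stands in for the SCEP exchange, PKCS#12 is an assumed delivery container, and all subjects, file names and the passphrase are constructed.

```shell
#!/bin/sh
# Added illustration: a throwaway OpenSSL CA stands in for the OnBoard CA.
# Subjects, file names and the passphrase are constructed sample values.
set -eu
P12_PASS="constructed-passphrase"

make_ca() {  # $1 = working directory
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Onboard CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

sign_csr() {  # CA step: $1 = dir, $2 = CSR file, $3 = certificate to write
  openssl x509 -req -in "$2" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 7 -out "$3" 2>/dev/null
}

# "Created by device": key pair and CSR are generated on the device. Only
# device.csr (subject + public key) is sent to the CA, as SCEP would carry it.
device_created() {  # $1 = dir
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=device-01" \
    -keyout "$1/device.key" -out "$1/device.csr" 2>/dev/null
  sign_csr "$1" "$1/device.csr" "$1/device.crt"
}

# "Created by server": the server generates the key, signs the certificate and
# ships both to the device (PKCS#12 is an assumed container for this sketch).
server_created() {  # $1 = dir
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=device-02" \
    -keyout "$1/srv.key" -out "$1/srv.csr" 2>/dev/null
  sign_csr "$1" "$1/srv.csr" "$1/srv.crt"
  openssl pkcs12 -export -inkey "$1/srv.key" -in "$1/srv.crt" \
    -passout "pass:$P12_PASS" -out "$1/device-02.p12"
}

# True when a file that crosses the network contains a private key.
carries_private_key() {  # $1 = file
  case "$1" in
    *.p12) openssl pkcs12 -in "$1" -passin "pass:$P12_PASS" -nocerts -nodes 2>/dev/null ;;
    *)     cat "$1" ;;
  esac | grep -q "PRIVATE KEY"
}

work=$(mktemp -d); trap 'rm -rf "$work"' EXIT
make_ca "$work"; device_created "$work"; server_created "$work"
for f in device.csr device.crt device-02.p12; do
  if carries_private_key "$work/$f"; then echo "$f: private key in transit"
  else echo "$f: public material only"; fi
done
```

In the device-created flow nothing that leaves the device contains the private key; in the server-created flow the key exists on the server and inside the delivered bundle, so that bundle and its passphrase need the same protection as the key itself.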

 

 

Version history
Revision #:
2 of 2
Last update:
‎09-01-2016 10:08 AM