Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Bulk Revoke SCEP Certificates in Clearpass

This thread has been viewed 1 times

  • 1.  Bulk Revoke SCEP Certificates in Clearpass

    Posted Feb 26, 2016 02:29 PM

    I'm looking for a way to bulk revoke certificates in ClearPass.

     

    I know it is possible to automatically revoke onboarded certificates that havent been used in x days, but I'm looking to do this with certificates which have been created via SCEP.

     

    What I'd like to do is remove all of username x's certificates and all certificates before y date.

     

    For example, revoke all of peter's certificates created before 1/1/2016.

     

    Automatically revoking SCEP certificates that havent been used in X days would be a huge win as well.



  • 2.  RE: Bulk Revoke SCEP Certificates in Clearpass

    Posted Mar 01, 2016 11:08 AM

    Anyone have a way to do this that's not "scraping the website"?

     

    It seems that SCEP requests get added to the CP Database as individual devices like "anonymous:14269" which makes it impossible to easily identify these.

     

    This becomes really difficult when a slightly overzealous SCEP profile deploy suddenly cuts a couple of thousand redundant certificates :)