09-11-2015 04:30 AM
Having just created my own root/intermediate CA certs and used them to generate a client cert for EAP-TLS usage, I now need to implement some form of CRL setup for these certs. I notice that under CPPM/Admin/Certificates there is an entry for revocation lists but wondered if CPPM had ocspd capabilities.
I've found config entries under the RADIUS server section that suggest CPPM can talk to an external OCSP service, so I'm guessing that the answer is no but thought I'd check... and just found that the EAP-TLS with OCSP method seems to point to a localhost URL... so maybe it does...
... more reading methinks
09-11-2015 04:55 AM
Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
09-11-2015 06:18 AM
Yup, just found the Certificate Authority stuff in the ClearPass Onboard section.
Bit happier with what's available in ClearPass to the ocspd stuff I was looking at, as it's GUI-based and the rest of the network team can use it.
Intention is to roll out EAP-TLS certificates for a whole batch of devices, from "Android on a stick" kit that'll provide information display devices round the campus to wireless VoIP phones to wired IP phones, so I think using the ClearPass Onboard part of CPPM to generate/manage certs which are then used to auth to the network via Policy Manager sounds the way to go.