Certificate Revocation list on Clear pass

  • 1.  Certificate Revocation list on Clear pass

    Posted Mar 28, 2017 09:28 PM

    Once we add the CRL on the ClearPass under Administration -> Certificate Revocation list -> URL,

    may I know where we can view the serial numbers of certificates which are revoked on the CPPM?

    And I have the EAP-TLS service; is there anything else I need to configure to do the CRL check?



  • 2.  RE: Certificate Revocation list on Clear pass
    Best Answer

    EMPLOYEE
    Posted Mar 28, 2017 09:48 PM

    You would need to look at the CRL contents directly via the URL. We do not have a way to view the contents in the GUI. 



  • 3.  RE: Certificate Revocation list on Clear pass

    Posted Mar 28, 2017 10:28 PM

    So I need to put the URL in a web browser to be able to see the serial numbers of the certificates.

    Is my understanding correct?



  • 4.  RE: Certificate Revocation list on Clear pass

    EMPLOYEE
    Posted Mar 28, 2017 10:34 PM

    Yes, or look at your Certificate Authority. Raw CRLs and OCSP responses were never really designed for human consumption :)



  • 5.  RE: Certificate Revocation list on Clear pass

    Posted Mar 28, 2017 10:37 PM

    Thanks a lot



  • 6.  RE: Certificate Revocation list on Clear pass

    Posted Jul 05, 2017 07:50 AM

    Hi,

    After you configured the CRL, did you then have to reference this in your service? I'm reviewing our EAP-TLS service but can only see references to OCSP configuration?

    With this in mind, is it the case that once the CRL is configured that the EAP-TLS service inherently uses this CRL without it being explicitly configured?

    Thanks



  • 7.  RE: Certificate Revocation list on Clear pass

    EMPLOYEE
    Posted Jul 05, 2017 08:02 AM
    No, it just needs to be defined. OCSP should be used with EAP-TLS though.


  • 8.  RE: Certificate Revocation list on Clear pass

    Posted Jul 05, 2017 09:27 AM

    Agree regarding the OCSP comment, we are being given a steer by our internal PKI team to use a CRL :(

     

    Thanks for confirming.
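
Added example, not part of the original thread and not ClearPass code: because the GUI does not show CRL contents, this standard-library Python script decodes a CRL file (DER or PEM) saved from the distribution URL and lists the revoked serial numbers with their revocation times. The function names are this example's own, and `sample_crl` builds a constructed CRL with a placeholder signature purely as test data.

```python
import base64, re

def read_tlv(buf, pos=0):
    """Decode one DER element at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def revoked_serials(crl):
    """Return [(serial_hex, revocation_time)] from a DER or PEM CRL; the signature is NOT verified."""
    pem = re.search(rb"-----BEGIN X509 CRL-----(.+?)-----END X509 CRL-----", crl, re.S)
    if pem:
        crl = base64.b64decode(pem.group(1))
    tbs = children(children(read_tlv(crl)[1])[0][1])   # CertificateList -> tbsCertList fields
    i = 1 if tbs[0][0] == 0x02 else 0                  # optional version INTEGER
    i += 3                                             # signature algorithm, issuer, thisUpdate
    if i < len(tbs) and tbs[i][0] in (0x17, 0x18):     # optional nextUpdate (UTCTime/GeneralizedTime)
        i += 1
    if i >= len(tbs) or tbs[i][0] != 0x30:             # revokedCertificates is omitted when empty
        return []
    entries = [children(entry) for _, entry in children(tbs[i][1])]
    return [(format(int.from_bytes(e[0][1], "big"), "X"), e[1][1].decode()) for e in entries]

def tlv(tag, content):
    """Encode one DER element (lengths up to 255); used only to build the sample."""
    n = len(content)
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x81, n])) + content

def sample_crl():
    """Constructed CRL: two revoked serials, issuer 'Example CA', placeholder signature."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))
    issuer = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, b"Example CA"))))
    revoked = tlv(0x30, b"".join(tlv(0x30, tlv(0x02, s) + tlv(0x17, t)) for s, t in
                  [(b"\x10\x01", b"170301120000Z"), (b"\x00\xa3\xf2", b"170315083000Z")]))
    tbs = tlv(0x30, tlv(0x02, b"\x01") + alg + issuer + tlv(0x17, b"170328000000Z")
              + tlv(0x17, b"170404000000Z") + revoked)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" * 9))
```

For a real CRL, pass the bytes of the downloaded file to `revoked_serials`; the output is for inspection only, since the issuer's signature on the list is not checked.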