Security

Reply
Frequent Contributor I
Posts: 66
Registered: ‎01-27-2014

Certificate Revocation list on Clear pass

Once we add the CRL on the clear pass Administration--->Certificate-Revocation list -->URL

 

 

May i know where we can view the Serial numbers of certificates which are revoked on the CPPM?

 

and i have the EAP-tls service is there anything else i need to confgure to do CRL check?

 

 

Guru Elite
Posts: 8,794
Registered: ‎09-08-2010

Re: Certificate Revocation list on Clear pass

You would need to look at the CRL contents directly via the URL. We do not have a way to view the contents in the GUI. 


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I
Posts: 66
Registered: ‎01-27-2014

Re: Certificate Revocation list on Clear pass

So i need to use the URL put on a web browser and able to see the Serail numbers of Certificates.

 

Is my understanding is correct?

Guru Elite
Posts: 8,794
Registered: ‎09-08-2010

Re: Certificate Revocation list on Clear pass

[ Edited ]

Yes, or look at your Certificate Authority. Raw CRLs and OCSP responses were never really designed for human consumption :)


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I
Posts: 66
Registered: ‎01-27-2014

Re: Certificate Revocation list on Clear pass

Thanks a lot

Occasional Contributor II
Posts: 94
Registered: ‎11-27-2014

Re: Certificate Revocation list on Clear pass

Hi,

 

After you configured the CRL, did you then have to reference this in your service? I'm reviewing our EAP-TLS service but can only see references to OSCP configuration? 

 

With this in mind, is it the case that once the CRL is configured that the EAP-TLS service inherently uses this CRL without it being explicitly configured?

 

Thanks

Guru Elite
Posts: 8,794
Registered: ‎09-08-2010

Re: Certificate Revocation list on Clear pass

No, it just needs to be defined. OCSP should be used with EAP-TLS though.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II
Posts: 94
Registered: ‎11-27-2014

Re: Certificate Revocation list on Clear pass

Agree regarding the OCSP comment, we are being given a steer by our internal PKI team to use a CRL :(

 

Thanks for confirming.

Search Airheads
Showing results for 
Search instead for 
Did you mean: