Certificate Tech Note, Update ? Gospel ?

Guru Elite

Re: Certificate Tech Note, Update ? Gospel ?

Nothing has really changed.



https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=19184



It's best to work with an Aruba ClearPass partner when designing a ClearPass
solution.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: Certificate Tech Note, Update ? Gospel ?

When it was written (back in 2013) with accommodating certs for CPPM cluster, it was mentioned Microsoft Windows 802.1X supplicants don't support the use of wildcard certificates (making the CSR process and population of SAN entry easier).

Surely this has changed by now?

Guru Elite

Re: Certificate Tech Note, Update ? Gospel ?

No, it still applies. Wildcard certificates are incredibly insecure.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Moderator

Re: Certificate Tech Note, Update ? Gospel ?

My posted version is the latest; I've no plans or need at this time to add much to it, but I do agree it needs some minor mods, but nothing dead urgent IMO.


Best Regards
-d

ClearPass Product Manager


Re: Certificate Tech Note, Update ? Gospel ?

Except.. this part doesn't make much sense.....

The CSR configuration for cluster shows populating DNS names in the SAN field of *INTERNAL* names.

A Public CA vendor will not sign a CSR for any domain it can't vet, aka no internal FQDN suffixes....

Untitled.png
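A pre-submission check for the two SAN problems raised in this thread (wildcard entries, and internal names or addresses a public CA cannot vet), given as an added example that is not part of any post or of the Aruba tech note. The suffix list, function names, and sample host names are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: suffixes treated as internal-only; adjust to the local DNS design.
INTERNAL_SUFFIXES = (".local", ".internal", ".lan", ".corp", ".home", ".localdomain")

def classify_san(name):
    """Return the findings for one SAN entry; an empty list means no finding."""
    n = name.strip().lower().rstrip(".")
    try:
        ip = ipaddress.ip_address(n)
    except ValueError:
        ip = None
    if ip is not None:
        # Private, loopback and link-local addresses cannot be vetted publicly.
        if ip.is_private or ip.is_loopback or ip.is_link_local:
            return ["reserved-ip"]
        return []
    findings = []
    labels = n.split(".")
    if "*" in n:
        # The thread states Windows 802.1X supplicants do not accept these.
        findings.append("wildcard")
        labels = [label for label in labels if label != "*"]
    # Single-label hosts and internal suffixes have no publicly verifiable owner.
    if len(labels) < 2 or n.endswith(INTERNAL_SUFFIXES):
        findings.append("internal-name")
    return findings

def lint_csr_sans(sans):
    """Map each problematic SAN entry to its findings; clean entries are omitted."""
    report = {}
    for san in sans:
        findings = classify_san(san)
        if findings:
            report[san] = findings
    return report

# Constructed sample: SAN list for a hypothetical two-node cluster CSR.
SAMPLE_SANS = ["clearpass.example.com", "cppm1.corp.local", "cppm2",
               "*.example.com", "10.1.1.5"]

if __name__ == "__main__":
    for san, findings in lint_csr_sans(SAMPLE_SANS).items():
        print(f"{san}: {', '.join(findings)}")
```
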
