Frequent Contributor I
Posts: 83
Registered: ‎09-08-2015

ClearPass Onboard Registration Authority w/ ADCS SCEP

Looking at setting this up for a customer, has anyone set this up yet?

Was introduced in ClearPass 6.6.2.

Any advantages / disadvantages to the old way of ClearPass proxying the Client Cert request to AD web services?

Guru Elite
Posts: 8,328
Registered: ‎09-08-2010

Re: ClearPass Onboard Registration Authority w/ ADCS SCEP

The new way allows for ClearPass to only be "aware" of the cert, but not store it.

Either way is valid.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I
Posts: 83
Registered: ‎09-08-2015

Re: ClearPass Onboard Registration Authority w/ ADCS SCEP

Does Aruba have a recommended approach to BYOD certs?

I've heard a few presentations where SEs recommend using the local Onboard CA only.

Are there any plans to publish any sort of ADCS w/ SCEP integration guides like with the old method?

Guru Elite
Posts: 8,328
Registered: ‎09-08-2010

Re: ClearPass Onboard Registration Authority w/ ADCS SCEP

From a purely security best practice (not necessarily Aruba), it's a good idea to maintain a complete trust boundary for BYODs. If you issue certs from your internal CA to your BYODs, you could inadvertently grant access to other services who are doing a basic client certificate check.

We can add it to the list. Can't give an ETA right now though.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
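
The trust-boundary point in the reply above, as an added example that is not part of the original thread and not Aruba's code: a service that only checks whether a client certificate chains to the internal CA accepts a BYOD certificate issued from that CA and rejects one issued from a separate onboarding CA. The CA names, subjects and file names are constructed, and the "basic client certificate check" is modelled with `openssl verify`.

```shell
#!/usr/bin/env bash
# Added example: every name, subject and file here is constructed for illustration.

make_ca() {  # make_ca <name> <CN>: self-signed CA key and certificate
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

issue() {  # issue <ca name> <cert name> <CN>: client certificate signed by that CA
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$2.key" -out "$2.csr" 2>/dev/null
  openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
    -CAcreateserial -days 1 -out "$2.pem" 2>/dev/null
}

# Models a service whose only test is "does this cert chain to a CA I trust?"
basic_check() {  # basic_check <trusted ca name> <cert name>: prints ACCEPT or REJECT
  if openssl verify -CAfile "$1.pem" "$2.pem" >/dev/null 2>&1; then
    echo ACCEPT
  else
    echo REJECT
  fi
}

demo() {
  workdir=$(mktemp -d) || return 1
  (
    cd "$workdir" || exit 1
    make_ca internal "Constructed Internal CA"
    make_ca onboard "Constructed Onboard CA"
    # The same kind of BYOD device certificate, issued two different ways
    issue internal byod_from_internal "byod-phone-1"
    issue onboard byod_from_onboard "byod-phone-2"
    # An unrelated internal service that trusts only the internal CA
    echo "internal-issued: $(basic_check internal byod_from_internal)"
    echo "onboard-issued: $(basic_check internal byod_from_onboard)"
  )
  rm -rf "$workdir"
}
```

Running `demo` prints one line per certificate. Services that must share a CA with BYOD devices need a check beyond chain validation, such as pinning the expected issuing CA.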