Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass Certificate Revocation List Set-up and use of HTTP proxy

This thread has been viewed 2 times

  • 1.  Clearpass Certificate Revocation List Set-up and use of HTTP proxy

    Posted Jul 14, 2015 08:30 AM

    I am trying to set-up a Certificate Revocation List (CRL) on Clearpass (6.5.1) but the appliances are configured to use a HTTP proxy.

    When I add the CRL URL, I get an "Proxy Authentication Required" error message.

    The HTTP proxy is set-up correctly with authentication and this is working as the appliance can download software updates. If I turn off the proxy then the CRL URL is accepted.

    Does anybody know whether the CRL check utilises the HTTP proxy credentials?

    Thanks



  • 2.  RE: Clearpass Certificate Revocation List Set-up and use of HTTP proxy
    Best Answer

    EMPLOYEE
    Posted Jul 15, 2015 10:12 AM

    Hi David,

     

    You might see this error 'Proxy Authentication Required', when the HTTP Connect prior to GET is not allowed via proxy.

     

    ClearPass 6.5.2 has an option to bypass proxy for CRL. Try bypassing the proxy for CRL under Administration->Certificates->Revocation Lists. 

     

    bypass_proxy.png