
Don't try this at home: Can we let a device EAP-TLS with an expired cert?

We have a vendor whose "totally automated system for updating certificates" turns out to be a very-alpha web-portal where you manually upload certificates re-wrapped in their special text format.

Never mind my thoughts about that, the upshot is we have 30 wireless clients at a remote office getting rejects due to expired certificates.

That's what's supposed to happen.

Now for what isn't supposed to happen:

What do I have to tell ClearPass to get it to accept them with an expired cert? Is it even possible?

--Matthew

if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it

Re: Don't try this at home: Can we let a device EAP-TLS with an expired cert?

No. An expired cert by spec does not pass basic certificate validation and is therefore rejected before any policy evaluation can happen.


Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: Don't try this at home: Can we let a device EAP-TLS with an expired cert?

That's how I was reading the logging - just thought I'd get resounding confirmation. Thanks.

The vendor will have the privilege of visiting the remote site to complete their "automated" cert update. Joy.

--Matthew
