Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

How do I implement ClearPass with AirWatch using SCEP?

This thread has been viewed 15 times

  • 1.  How do I implement ClearPass with AirWatch using SCEP?

    Posted Nov 07, 2014 06:43 PM

    We are implementing AirWatch to manage MobilePOS iPods, sales teams' iPads, and other devices. In addition, we're using ClearPass OnBoard to give unique certificate for EAP-TLS authentication on wireless.  I know that AirWatch can use an SCEP provider and I believe ClearPass can be that SCEP provider as of v6.3.0. Has anyone set this up? My ideal is to have device enroll in AirWatch then be able to push a ClearPass cert to the device along with wireless settings, similar to what we currently do in the ClearPass OnBoard process, but without the manual onboarding.

     

    Thanks,

    Swack

    @swackhap



  • 2.  RE: How do I implement ClearPass with AirWatch using SCEP?

    Posted Nov 07, 2014 08:05 PM
    Danny jump created a tech note doc on how to do this , I recently used it and it was very helpful.

    It's in the support.arubanetworks.com > documentation > ClearPass > Policy Manager > Tech Notes

    EMM integration


  • 3.  RE: How do I implement ClearPass with AirWatch using SCEP?

    Posted Jun 27, 2018 07:26 AM

    Hi Victor,

    Would there be any chance to find where this document is now.  It seems to have moved.



  • 4.  RE: How do I implement ClearPass with AirWatch using SCEP?

    Posted Nov 07, 2014 09:35 PM

    Take a look at my TehNote that Victor refences..the SCEP section is right the end and covers MobileIron and AirWatch in detail.



  • 5.  RE: How do I implement ClearPass with AirWatch using SCEP?

    Posted Nov 12, 2014 12:20 PM

    Great tech note Danny Jump!  Related question: is end device getting the certificate by communicating directly with CPPM or is it getting it from the AirWatch which is in turn getting it from CPPM? We tested with an iPhone that was enrolled in AirWatch but the iPhone was unable to pull the cert until we put it on wireless network where it could reach CPPM directly.

     

    Thanks,

    Swack



  • 6.  RE: How do I implement ClearPass with AirWatch using SCEP?

    Posted Nov 12, 2014 07:41 PM

    Thanks for the feedback..!! 

     

    Does the diagram at the top of Page-47 not provide the info requested?



  • 7.  RE: How do I implement ClearPass with AirWatch using SCEP?

    Posted Nov 12, 2014 10:26 PM
    Perfect answer! Thanks again! I guess I might need to securely expose CPPM to outside.


  • 8.  RE: How do I implement ClearPass with AirWatch using SCEP?

    Posted Apr 02, 2015 03:47 PM

    In working with this some more, I'm seeing some online articles referring to security problems in SCEP. I'm trying to learn more about how SCEP works in general and specifically with ClearPass. I don't seem to find entries in Access Tracker for SCEP requests coming from an iPad that is being directed to my ClearPass from an Airwatch policy. Where can I see in some logs what's going on? How can I lock down who or what can request an SCEP cert?



  • 9.  RE: How do I implement ClearPass with AirWatch using SCEP?

    Posted Apr 03, 2015 01:17 PM

    Hey Patrick,

     

    Hope your well.... good to catchup at Aireheads.

     

    You can find the logging requests for the SCEP enrollement in /guest side of the house.

     

    Look under Administration/Support/Application Log

     

    You might have to go into the plug-ins and enable 'deeper' logging if you need more than the standard logging.

     

    HTH.