Security

Reply
Contributor I
Posts: 33
Registered: ‎02-22-2011

How do I implement ClearPass with AirWatch using SCEP?

We are implementing AirWatch to manage MobilePOS iPods, sales teams' iPads, and other devices. In addition, we're using ClearPass OnBoard to give unique certificate for EAP-TLS authentication on wireless.  I know that AirWatch can use an SCEP provider and I believe ClearPass can be that SCEP provider as of v6.3.0. Has anyone set this up? My ideal is to have device enroll in AirWatch then be able to push a ClearPass cert to the device along with wireless settings, similar to what we currently do in the ClearPass OnBoard process, but without the manual onboarding.

 

Thanks,

Swack

@swackhap

Twitter: @swackhap
MVP
Posts: 4,271
Registered: ‎07-20-2011

Re: How do I implement ClearPass with AirWatch using SCEP?

Danny jump created a tech note doc on how to do this , I recently used it and it was very helpful.

It's in the support.arubanetworks.com > documentation > ClearPass > Policy Manager > Tech Notes

EMM integration
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Moderator
Posts: 485
Registered: ‎11-09-2012

Re: How do I implement ClearPass with AirWatch using SCEP?

Take a look at my TehNote that Victor refences..the SCEP section is right the end and covers MobileIron and AirWatch in detail.


Best Regards
-d

Snr Tech Marketing Engineer - ClearPass

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Contributor I
Posts: 33
Registered: ‎02-22-2011

Re: How do I implement ClearPass with AirWatch using SCEP?

Great tech note Danny Jump!  Related question: is end device getting the certificate by communicating directly with CPPM or is it getting it from the AirWatch which is in turn getting it from CPPM? We tested with an iPhone that was enrolled in AirWatch but the iPhone was unable to pull the cert until we put it on wireless network where it could reach CPPM directly.

 

Thanks,

Swack

Twitter: @swackhap
Moderator
Posts: 485
Registered: ‎11-09-2012

Re: How do I implement ClearPass with AirWatch using SCEP?

Thanks for the feedback..!! 

 

Does the diagram at the top of Page-47 not provide the info requested?


Best Regards
-d

Snr Tech Marketing Engineer - ClearPass

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Contributor I
Posts: 33
Registered: ‎02-22-2011

Re: How do I implement ClearPass with AirWatch using SCEP?

Perfect answer! Thanks again! I guess I might need to securely expose CPPM to outside.
Twitter: @swackhap
Frequent Contributor I
Posts: 69
Registered: ‎05-06-2013

Re: How do I implement ClearPass with AirWatch using SCEP?

In working with this some more, I'm seeing some online articles referring to security problems in SCEP. I'm trying to learn more about how SCEP works in general and specifically with ClearPass. I don't seem to find entries in Access Tracker for SCEP requests coming from an iPad that is being directed to my ClearPass from an Airwatch policy. Where can I see in some logs what's going on? How can I lock down who or what can request an SCEP cert?

Moderator
Posts: 485
Registered: ‎11-09-2012

Re: How do I implement ClearPass with AirWatch using SCEP?

Hey Patrick,

 

Hope your well.... good to catchup at Aireheads.

 

You can find the logging requests for the SCEP enrollement in /guest side of the house.

 

Look under Administration/Support/Application Log

 

You might have to go into the plug-ins and enable 'deeper' logging if you need more than the standard logging.

 

HTH.


Best Regards
-d

Snr Tech Marketing Engineer - ClearPass

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Search Airheads
Showing results for 
Search instead for 
Did you mean: