Security

Hi everyone,

 

Need your help, last 6 months we bought 5k onboard license, now we got error "license.msg.errAuthCountExceed.Onboard" in our clearpass server. the license is exceeded to 6000 plus, Our initial plan is to using ONBOARD only for windows user, but it seem even android using it, supposely android should be can direct connecting to our network campus.

 

My problem now is how to delete the remaining 1000 CA for the android user, i can't find to check/tick multiple license to delete.

 

It is very troublesome to delete one by one.

 

Thanks

Unfortunately as of today you can only delete the one at a time or you can delete the root and it will remove all of its certs that it provisioned.

Most users do not want the option to delete all because you are at the risk of deleting the certs that are still being used on accident. (I would hate to get the phone call from a CEO or school president if you deleted his device on accident. :) ) The one at a time with conformation keeps that issue from happening.

Thanks for your feedback,

 

i have one more thing to ask, why the total number of license is not tally between

 

1) Administration -> Server Manager -> Licensing  (it shows abou 6000 plus)

 

2) Onboard -> Certificate Management -> (The total CA is about 8000 plus)

 

i need to delete current CA to reduce the license to below 5K, where should i delete the CA, and how to refresh the server to see the decreasing number of license usage.

 

Really appreciate your feedback, Thanks

If you go to the onboard CA and click on the CA. It will give you an option to delete all certs.

I would have to look at the lic on your sever, but one thing is onboard lic is based on active provisioned certs in CPPM not active devices with a cert on the network. If you would revoke or delete a cert it would free up a lic.

Thanks,

so i assume that after i delete the CA for android user, let say 1000 CA one by one, then after that the license usage will show below than 5k, then the error "license.msg.errAuthCountExceed.Onboard" will dissapear. Is it correct ?

If you delete the CA then it will remove all the certs. If you delete or revoke one at a time then yes you will be under your lic count.

Thank You So Much:smileyhappy:

Sorry, don't mean to interject but I've a similar situation, I've deleted all of my onboard users but the licenses have not shown as available?

 

Hi All,

 

I work for a school district and would like to remove our existing client certificates to prepare for the upcoming school year.  I currently have 3015 client certs issued, is there a way to mass delete the certificates?  Will using the "Delete all certificates" function delete only the client certs?  I'm still fairly new to the CPPM world and do not want to muck anything up with the production system certs.

 

Thanks,

 

Alfredo

When you go to your Root CA and click the delete certs it will only delete the client certs under that root.

 

I performed the delete all on-boarded client certs last night and noticed this morning that all my MAC OS Users are not able to authenticate now.  Anyone see the same issue?

They'll need to delete the connection/SSID profile on their device. The certificate is set in the profile.