Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

OSX ClearPass Onboard trust certificate in the Keychain automatically?

  • 1.  OSX ClearPass Onboard trust certificate in the Keychain automatically?

    Posted Jan 16, 2017 06:48 PM

    Hi All,

    We are new Aruba customers. We are deploying ClearPass Onboarding at the moment for our students, most of whom use Apple MacBook Pros.

    1. Are there any tricks in ClearPass to force the ClearPass Onboarding Certificate to be trusted?

    2. The Certificate installation process for a student is not intuitive enough. Students are prompted to install a certificate which just starts a download and they are not prompted to actually install the certificate. Is there a better way we can configure the certificate installation process?

    Thanks,
    Richard



  • 2.  RE: OSX ClearPass Onboard trust certificate in the Keychain automatically?

    EMPLOYEE
    Posted Jan 16, 2017 06:52 PM
    Unfortunately, no. It's just a file download and sometimes browsers don't auto-open the file. You can change the text on the provisioning screens to be more prominent though.


  • 3.  RE: OSX ClearPass Onboard trust certificate in the Keychain automatically?

    Posted Jan 16, 2017 08:08 PM

    Hi Tim,

    Thank you for your response.

    We will have to look into creating some instructions for the students.

    Have you ever come across any tricks for forcing the certificate to be trusted as part of the certificate install?

    Thanks,
    Richard



  • 4.  RE: OSX ClearPass Onboard trust certificate in the Keychain automatically?

    EMPLOYEE
    Posted Jan 16, 2017 08:11 PM
    In most cases, it should work without forcing full trust.


  • 5.  RE: OSX ClearPass Onboard trust certificate in the Keychain automatically?

    Posted Jan 16, 2017 08:45 PM

    Yes, true. The process works fine for wireless connectivity. We are hoping to use the ClearPass Certificate for SSL Inspection. This doesn't work unless the certificate is trusted.

    This was one of the design decisions for choosing ClearPass.



  • 6.  RE: OSX ClearPass Onboard trust certificate in the Keychain automatically?

    EMPLOYEE
    Posted Jan 16, 2017 08:53 PM
    Oh, then users would definitely need to manually trust the certificate. Installing a root certificate is probably one of the most security-sensitive things on a client device and absolutely needs user consent and interaction.