Security

Reply

OSX ClearPass Onboard trust certificate in the Keychain automatically?

Hi All,

 

We are new Aruba Customers. We are deploying ClearPass Onboarding at the moment for our students, most of whom all use Apple MacBook Pro's. 

 

1. Are there any tricks in ClearPass to force the ClearPass Onboarding Certificate to be trusted? 

 

2. The Certificate installation process for a student is not intuitive enough. Students are prompted to install a certificate which just starts a download and they are not prompted to actually install the certificate. Is there a better way we can configure the certificate installation process?

 

Thanks, 
Richard

Guru Elite

Re: OSX ClearPass Onboard trust certificate in the Keychain automatically?

Unfortunately no. It's just a file download and sometimes browsers don't auto open the file. You can change the text on the provisioning screens to be more prominent though.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: OSX ClearPass Onboard trust certificate in the Keychain automatically?

Hi Tim, 

 

Thank you for your response. 

 

We will have to look into creating some instructions for the students. 

 

Have you even come across any tricks for forcing the certificate to be trusted as part of the certificate install?

 

Thanks,
Richard

Guru Elite

Re: OSX ClearPass Onboard trust certificate in the Keychain automatically?

In most cases, it should work without forcing full trust.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: OSX ClearPass Onboard trust certificate in the Keychain automatically?

Yes true. The process works fine for wireless connectivity. We are hoping to use the ClearPass Certificate for SSL Inspection. This doesn't work unless the certificate is trusted. 

 

This was one of the design decisions for choosing ClearPass.

Guru Elite

Re: OSX ClearPass Onboard trust certificate in the Keychain automatically?

Oh, then users would definitely need to manually trust the certificate. Installing a root certificate is probably one of the most security sensitive things on a client device and absolutely needs user consent and interaction.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: