Security

Reply
MVP
Posts: 360
Registered: ‎05-09-2013

Onboard Certificate Untrusted Install

Hi All,

 

Testing an Onboard configuration and during the QuickConnect process of changing the network settings, the Onboard Client attempts to install a certificate, but a popup displays stating the server cannot be validated and should we install. I don't think I had this prompt before so I don't know what I'm missing.

 

Any ideas how to get this to not display? We are OK with not validating certificates on the install.

 

We have AOS 6.4 and Clearpass 6.4

 

Tested this on Win7 and Win10 so far and same result.

 

[2015-08-12]-Image-3.jpg


Michael Haring | Senior Network Engineer
Comm Solutions, an Optiv Security Company
www.commsolutions.com | www.optiv.com
Guru Elite
Posts: 8,322
Registered: ‎09-08-2010

Re: Onboard Certificate Untrusted Install

This will always come up during Onboarding for Windows. Any application that
installs to the cert store will receive this prompt.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 360
Registered: ‎05-09-2013

Re: Onboard Certificate Untrusted Install

Is there a possibility of pushing the correct certs out via GP so no users will have to accept this?


Michael Haring | Senior Network Engineer
Comm Solutions, an Optiv Security Company
www.commsolutions.com | www.optiv.com
Guru Elite
Posts: 8,322
Registered: ‎09-08-2010

Re: Onboard Certificate Untrusted Install

Even if you push out certs, it will install it again as part of the Onboard
process.



Just curious, if you have the capability to push out certificates, why are
you using Onboard?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 360
Registered: ‎05-09-2013

Re: Onboard Certificate Untrusted Install

Customer does not want to push out certificates, originally planned to allow the Onboard to do the installation or "push", but wasn't aware of the certificate prompt. I think we will likely just deal with the prompt.

 

Thanks for the  help!


Michael Haring | Senior Network Engineer
Comm Solutions, an Optiv Security Company
www.commsolutions.com | www.optiv.com
Guru Elite
Posts: 8,322
Registered: ‎09-08-2010

Re: Onboard Certificate Untrusted Install

It's the equivalent to the prompt on Apple devices asking you trust the
Onboard certificate initially.



The certificate is foreign to the user profile and device so there needs to
be verification.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: