Regular Contributor I
Posts: 187
Registered: ‎03-27-2013

Onboard Use only the certificate for authentication

Hi,

I have configured the authentication for internal clients with Active Directory credentials.

My customer has a policy to change user passwords every 3 months.

For Windows PCs there isn't an issue, but for mobile devices there is.

The mobile devices store the old credentials, and their connection attempts cause the account to lock.

So the idea is to use a certificate for device authentication.

Can you help me understand how I can do it?

With Onboard? In this case, are the Active Directory credentials needed?

With an external CA?

Thanks in advance

Andrea
Guru Elite
Posts: 8,322
Registered: ‎09-08-2010

Re: Onboard Use only the certificate for authentication

For mobile devices, you should look at using Onboard as it's the quickest, most user friendly way for end users. 


Thanks, 
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 4,227
Registered: ‎07-20-2011

Re: Onboard Use only the certificate for authentication

You can use ClearPass Onboarding and CPPM will act as the CA to hand out a unique cert to each client.

During the onboarding process each device will install the necessary certs to do EAP-TLS authentication.

This is the way you could have it:

- Use your existing 802.1X PEAP authentication / ClearPass service to redirect devices (SmartDevices) to do the onboarding process.

- Once the device has completed the onboarding process then it will reauth but this time will be using EAP-TLS.

Here's the ASE solution for a single SSID:

https://ase.arubanetworks.com/solution/id/34

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Regular Contributor I
Posts: 187
Registered: ‎03-27-2013

Re: Onboard Use only the certificate for authentication

Thanks =)


victorfabian wrote:

You can use ClearPass Onboarding and CPPM will act as the CA to hand out a unique cert to each client.

During the onboarding process each device will install the necessary certs to do EAP-TLS authentication.

This is the way you could have it:

- Use your existing 802.1X PEAP authentication / ClearPass service to redirect devices (SmartDevices) to do the onboarding process.

- Once the device has completed the onboarding process then it will reauth but this time will be using EAP-TLS.

Here's the ASE solution for a single SSID:

https://ase.arubanetworks.com/solution/id/34

Andrea