New Contributor
Posts: 2
Registered: ‎12-13-2012

Onboard with Public Certificate

Hi All,

This is my first experience deploying ClearPass Onboard. I have a setup where ClearPass is integrated with an Aruba controller and its Onboard module generates client certificates for EAP-TLS. The client devices are iPads.

We want to use a public cert and run the ClearPass CA as an Intermediate CA. We created a new Intermediate CA and generated a CSR to be signed.

Am I missing something for this scenario?

MVP
Posts: 421
Registered: ‎11-04-2011

Re: Onboard with Public Certificate

That will not work; no public CA will sign your intermediate, as that effectively breaks the SSL trust model.

Please read the document "CPPM - Certificates 101 Technote V1.2" from:

https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/EntryId/7961/Default.aspx

In short: the certificates that ClearPass Onboard issues as client certificates do not need any public trust, as these are only used to validate the client on the network.

So use the built-in CA for issuing the client certificates, use a publicly trusted CA for your HTTPS Server certificate on the ClearPass server, and the RADIUS certificate used depends on circumstances and can be either a public or private certificate.

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC.
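
The trust relationship described in the reply above, as an added example that is not part of the original thread and is not ClearPass code: a throwaway openssl CA stands in for the built-in Onboard CA, and every name here (the CA common names, `ipad-01.example`, the helper functions) is constructed. It issues a client certificate with a client-auth-only profile and shows that validation succeeds only where the verifier trusts the issuing private CA.

```shell
# Added example with constructed names; a throwaway openssl CA stands in for Onboard.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT   # private keys are written here, so clean up on exit

# Create a self-signed root CA. Relies on the stock openssl.cnf, which marks
# certificates made with "req -x509" as CA:TRUE.
make_ca() {  # $1 = file prefix, $2 = common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# Issue an EAP-TLS style client certificate: not a CA, usable for client auth only.
issue_client() {  # $1 = signing CA prefix, $2 = device common name
  printf '%s\n' 'basicConstraints=critical,CA:FALSE' \
    'keyUsage=critical,digitalSignature' \
    'extendedKeyUsage=clientAuth' > "$WORK/client.ext"
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/client.key" -out "$WORK/client.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/client.csr" -days 7 \
    -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" -CAcreateserial \
    -extfile "$WORK/client.ext" -out "$WORK/client.crt" 2>/dev/null
}

# The check a RADIUS server performs on the presented client certificate:
# does it chain to the given trust anchor and allow TLS client auth?
# Prints "trusted" or "rejected".
check_client() {  # $1 = trust anchor prefix
  if openssl verify -purpose sslclient -CAfile "$WORK/$1.crt" \
       "$WORK/client.crt" >/dev/null 2>&1
  then echo trusted
  else echo rejected
  fi
}

make_ca onboard "Constructed Onboard Root CA"   # private CA that issues client certs
make_ca other   "Constructed Unrelated CA"      # any CA the client cert does not chain to
issue_client onboard "ipad-01.example"

echo "Verifier trusting the private Onboard CA: $(check_client onboard)"
echo "Verifier trusting only an unrelated CA:   $(check_client other)"
```

Only the server that authenticates the iPads needs the private CA as a trust anchor, which is why the client certificates gain nothing from chaining to a public root.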
New Contributor
Posts: 2
Registered: ‎12-13-2012

Re: Onboard with Public Certificate

Thank you, Herman. I managed to figure it out the hard way :-)
