Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Onboarding BYOD with firewall certificate

  • 1.  Onboarding BYOD with firewall certificate

    Posted Jun 20, 2018 11:38 AM

    Hi guys,

     

    I have a customer who wants to onboard BYOD devices. In addition to installing the required certificates on them for onboarding and using them in the corporate network, he wants to install the firewall certificate (.cer) on them in order to use the deep inspection feature on the firewall. Can ClearPass install the firewall certificate on them?

     

    Regards,

    Julián



  • 2.  RE: Onboarding BYOD with firewall certificate

    EMPLOYEE
    Posted Jun 20, 2018 11:42 AM
    No, there are OS limitations that prevent automatically configuring TLS decryption certificates for privacy reasons.


  • 3.  RE: Onboarding BYOD with firewall certificate

    Posted Jun 20, 2018 11:50 AM

    Hi Tim,

     

    So that limitation is on ClearPass?

     

    Regards,

    Julián



  • 4.  RE: Onboarding BYOD with firewall certificate

    EMPLOYEE
    Posted Jun 20, 2018 11:52 AM

    No, as mentioned, they are OS restrictions due to privacy concerns.



  • 5.  RE: Onboarding BYOD with firewall certificate

    Posted Jun 20, 2018 11:54 AM

    Hi Tim,

     

    But when you say OS restrictions what do you mean exactly? ArubaOS firmware? The mobile phone OS?

     

    Regards,

    Julián



  • 6.  RE: Onboarding BYOD with firewall certificate

    Posted Jun 20, 2018 04:15 PM

    Hi,

     

    In the following thread jima_uk also wanted to use firewall certificates for deep inspection. Isn't it the same?

    We just need a method to "force" the certificate onto BYOD type devices to ensure the web filter decryption works seamlessly. At the moment without the certificate the end client gets a trust warning and on a lot of smart phones that effectively makes it look like they have no internet connection, especially to less savvy end users. The devices are not on our domain and also not managed by an MDM so searching for other solutions.

     

    http://community.arubanetworks.com/t5/Security/Deploying-additional-certificates/td-p/269180

     

    Regards,

    Julián



  • 7.  RE: Onboarding BYOD with firewall certificate

    EMPLOYEE
    Posted Jun 20, 2018 04:18 PM
    No, this is no longer possible due to device restrictions.


  • 8.  RE: Onboarding BYOD with firewall certificate

    Posted Jun 20, 2018 04:22 PM

    Hi Tim,

     

    Ah, then you mean it was possible before but not now due to the phones' restrictions? So if ClearPass wants to install these certificates on the phones, it will fail?

     

    Regards,

    Julián



  • 9.  RE: Onboarding BYOD with firewall certificate

    EMPLOYEE
    Posted Jun 20, 2018 04:34 PM
    It has nothing to do with the installation. Many devices will not implicitly trust the CA.