Security

Reply
Occasional Contributor II

Onboarding Certificate Attributes

Greetings all!

 

We're wanting to have only certain people be able to onboard our enterprise owned devices.(our PC techs) I have this pretty much setup and seems to be working, however when one of our techs onboards a device the certificate issued in Onboard is issued to thier username.  I'm wanting machine authentication only as all our devices will be domain joined laptops and I don't care about which user is logged in. The issue is that when managing the certificates in Onboard we can't tell easily what device the certificates belong to, as it only shows the username.  Anyway to get this to be the windows computer name or a custom field on the login page that the tech can enter the computer name manually, instead of assigning it directly to the Onboard username?

 

Any advice?

 

Thanks!

Guru Elite

Re: Onboarding Certificate Attributes

Onboard is designed for user to machine binding. There is really no concept of a machine identity cert today.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Onboarding Certificate Attributes

Okay, thanks. So in order to do what we're wanting it sounds like ADCS is about the only way to do it?

 

Thanks

Guru Elite

Re: Onboarding Certificate Attributes

For a true machine cert, yes.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Onboarding Certificate Attributes

Thanks for the help.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: