Occasional Contributor II
Posts: 78
Registered: ‎06-03-2014

Override OCSP URL from Client

1) If I do include the OCSP URL in the client cert, is the OCSP request sent out by the client or by ClearPass?

2) If I do not include the OCSP URL in the client cert, and instead I overwrite the OCSP URL from the client in the authentication method, is the OCSP request sent out by the client or by ClearPass?

Guru Elite
Posts: 20,579
Registered: ‎03-29-2007

Re: Override OCSP URL from Client

1. ClearPass

2. ClearPass determines (a) if there is an OCSP request, (b) if it will choose the client's URL, or (c) if it will choose its own.

EAP-TLS clients do not have an IP address until they authenticate, so that traffic cannot come from the client.



Colin Joseph
Aruba Customer Engineering


Guru Elite
Posts: 8,191
Registered: ‎09-08-2010

Re: Override OCSP URL from Client

OCSP for EAP-TLS is between the RADIUS server and the CA in all cases.


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 78
Registered: ‎06-03-2014

Re: Override OCSP URL from Client


Let's say I have a cluster of CP with different zones (Zone A, B) and I use the Onboard CA (Zone A). Will I need to allow traffic from the Zone B data port IP to the Zone A OCSP URL on port 80?
