Revoking clearpass onboard certificate fails

Hello guys,

We are using EAP-TLS certificates (after onboarding iOS devices) for authentication. Hopefully I should use [EAP TLS with OCSP enabled] as the authentication method (not just 'EAP-TLS'). I'm trying to revoke a TLS client cert in ClearPass such that its client is denied access.

I'm also mentioning an OCSP URL in Authority Info Access in the ClearPass Onboard CA settings. But when I try to access the network, I'm getting a "Could not verify OCSP response - EAP-TLS: fatal alert by server - certificate_unknown" error. Please see the attached images.

Could you please guide?

Thanks,
Bharani..

Re: Revoking clearpass onboard certificate fails

Is ClearPass the certificate authority or is it a subordinate CA?

If it's the CA, view the details for [EAP TLS With OCSP Enabled]. Check this against the actual OCSP URL. To do this, switch over to ClearPass Guest, and navigate to: Onboard > Initial Setup > Certificate Authorities. The ClearPass CA is listed here along with the OCSP URL. Make sure it matches the URL in your EAP TLS method.

Re: Revoking clearpass onboard certificate fails

Hello MVP,

Thank you for your reply. Probably that should be the mistake, I guess. I'll go to the office and give it a try and get back to you.

Regards,

Bharani..

Re: Revoking clearpass onboard certificate fails

Hi,

It has worked! The OCSP URL should be the same on CPPM as well as in the CA settings on the CPPM Onboard page.

Thank you.

Regards,

Bharani..
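
The fix confirmed in this thread is that the OCSP URL in the EAP-TLS method must match the one the Onboard CA places in the Authority Info Access of issued certificates. The following added example (not from the thread or from the vendor) extracts the OCSP responder URI from DER bytes and compares it with a URL copied by hand from the method; the host, path and sample extension are constructed placeholders, not ClearPass's real URL format.

```python
from urllib.parse import urlsplit

OCSP_OID = bytes.fromhex("2b06010505073001")  # 1.3.6.1.5.5.7.48.1, id-ad-ocsp
AIA_OID = bytes.fromhex("2b06010505070101")   # 1.3.6.1.5.5.7.1.1, authorityInfoAccess

def tlvs(buf):
    """Yield (tag, value) per DER element; ValueError/IndexError if not DER."""
    i = 0
    while i < len(buf):
        tag, n = buf[i], buf[i + 1]
        i += 2
        if n & 0x80:                       # long-form length
            k = n & 0x7F
            n = int.from_bytes(buf[i:i + k], "big")
            i += k
        if i + n > len(buf):
            raise ValueError("truncated DER")
        yield tag, buf[i:i + n]
        i += n

def ocsp_urls(der_bytes):
    """Return OCSP URIs from any SEQUENCE { OID id-ad-ocsp, [6] URI } inside."""
    try:
        items = list(tlvs(der_bytes))
    except (ValueError, IndexError):
        return []                          # opaque bytes, not nested DER
    found = []
    if len(items) == 2 and items[0] == (0x06, OCSP_OID) and items[1][0] == 0x86:
        found.append(items[1][1].decode("ascii", "replace"))
    for tag, val in items:
        if tag & 0x20 or tag == 0x04:      # constructed, or OCTET STRING wrapper
            found += ocsp_urls(val)
    return found

def normalize(url):
    p = urlsplit(url.strip())
    return (p.scheme.lower(), (p.hostname or "").lower(), p.port, p.path.rstrip("/"))

def check(der_bytes, method_url):
    urls = ocsp_urls(der_bytes)            # returns (match, urls found in the cert)
    return any(normalize(u) == normalize(method_url) for u in urls), urls

def der(tag, *parts):                      # sample builder, short-form lengths only
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

CA_URL = "http://clearpass.example.com/placeholder/ocsp"  # constructed placeholder
SAMPLE_EXT = der(0x30, der(0x06, AIA_OID), der(0x04, der(0x30, der(
    0x30, der(0x06, OCSP_OID), der(0x86, CA_URL.encode())))))
```

The walker descends through constructed elements and OCTET STRING wrappers, so the bytes of a whole DER-encoded client certificate can be passed to `check` in place of `SAMPLE_EXT`.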
