Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
limit the use of 1 computer certificate to 1 device

  • 1.  limit the use of 1 computer certificate to 1 device

    Posted Mar 21, 2017 11:14 AM

    Hi all,

    Currently I'm in the process of setting up an environment with computer-based certificates. The devices themselves are not joined to the AD domain, but are members of a specific OU group so they can be validated using Microsoft RADIUS (no ClearPass).

    An important requirement is to be able to ensure a computer certificate can only be used by one device at a time.

    The reason is to prevent multiple devices using the same computer certificate in case the cert is being cloned. Every device is required to have a unique certificate.

    It would be even better if there is a possibility to have a device only be authenticated based on the computer certificate that has been assigned to the device itself, so that it is not able to authenticate with a valid certificate that is assigned to another device.



  • 2.  RE: limit the use of 1 computer certificate to 1 device

    EMPLOYEE
    Posted Mar 21, 2017 11:17 AM
    Mark the certificate as non-exportable in your certificate template.


  • 3.  RE: limit the use of 1 computer certificate to 1 device

    Posted Mar 21, 2017 03:23 PM

    Thanks for your quick response. I'm aware of this option when creating certificates. There is the possibility that we do not manage this setting, therefore I was wondering if we can control this from an Aruba WLAN perspective.

    For guest accounts there is an option to allow 1 or multiple users/sessions to use the one guest account. I'm trying to find out if the same option is present for 802.1x computer certificates.



  • 4.  RE: limit the use of 1 computer certificate to 1 device
    Best Answer

    EMPLOYEE
    Posted Mar 21, 2017 03:36 PM
    No, there is not.
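
Added example, not part of the thread and not Aruba or Microsoft code: a sketch of how the requirement in the first post could be monitored after the fact from RADIUS session records, by flagging one certificate identity seen on more than one client MAC. The record layout, identities and MAC addresses are constructed for illustration; using the Calling-Station-Id as the device key is an assumption.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records (not real logs): certificate identity, client MAC
# (RADIUS Calling-Station-Id), session start, session stop (None = still active).
SAMPLE_SESSIONS = [
    ("host/pc-001", "AA-BB-CC-00-00-01", "2017-03-21 09:00", "2017-03-21 12:00"),
    ("host/pc-001", "AA-BB-CC-00-00-01", "2017-03-21 13:00", None),
    ("host/pc-002", "AA-BB-CC-00-00-02", "2017-03-21 09:30", "2017-03-21 10:00"),
    ("host/pc-002", "AA:BB:CC:00:00:99", "2017-03-21 09:45", "2017-03-21 11:00"),
    ("host/pc-003", "AA-BB-CC-00-00-03", "2017-03-21 08:00", "2017-03-21 09:00"),
    ("host/pc-003", "AA-BB-CC-00-00-77", "2017-03-21 09:00", "2017-03-21 10:00"),
]

def _ts(value):
    # An open session is treated as running until the end of time.
    return datetime.max if value is None else datetime.strptime(value, "%Y-%m-%d %H:%M")

def normalize_mac(mac):
    # Accept both AA-BB-.. and aa:bb:.. spellings of the same address.
    return mac.replace("-", "").replace(":", "").lower()

def find_cert_reuse(sessions):
    """Return (concurrent, moved).

    concurrent: (cert, mac_a, mac_b) for overlapping sessions on different MACs.
    moved:      (cert, [macs]) for a cert seen on several MACs, never at once.
    """
    by_cert = defaultdict(list)
    for cert, mac, start, stop in sessions:
        by_cert[cert].append((_ts(start), _ts(stop), normalize_mac(mac)))

    concurrent, moved = [], []
    for cert, rows in by_cert.items():
        macs = {mac for _, _, mac in rows}
        if len(macs) < 2:
            continue  # certificate only ever seen on one device
        rows.sort()
        overlap = False
        for i, (_, end1, mac1) in enumerate(rows):
            for start2, _, mac2 in rows[i + 1:]:
                if start2 >= end1:
                    break  # sorted by start: no later session overlaps this one
                if mac1 != mac2:
                    concurrent.append((cert, mac1, mac2))
                    overlap = True
        if not overlap:
            moved.append((cert, sorted(macs)))
    return concurrent, moved
```

A certificate cloned together with the original device's MAC address is not distinguished by this check, since both sessions carry the same device key.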