Frequent Contributor I
Posts: 60
Registered: ‎12-03-2015

limit the use of 1 computer certificate to 1 device

Hi all,

Currently I'm in the process of setting up an environment with computer based certificates. The devices themselves are not joined to the AD domain, but are members of a specific OU group so they can be validated using Microsoft RADIUS (no ClearPass).

An important requirement is to be able to ensure a computer certificate can only be used by one device at a time.

The reason is to prevent multiple devices using the same computer certificate in case the cert is being cloned. Every device is required to have a unique certificate.

It would be even better if there is a possibility to have a device only be authenticated based on the computer certificate that has been assigned to the device itself, so that it is not able to authenticate with a valid certificate that is assigned to another device.

Guru Elite
Posts: 8,774
Registered: ‎09-08-2010

Re: limit the use of 1 computer certificate to 1 device

Mark the certificate as non-exportable in your certificate template.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor I
Posts: 60
Registered: ‎12-03-2015

Re: limit the use of 1 computer certificate to 1 device

Thanks for your quick response. I'm aware of this option when creating certificates. There is the possibility that we do not manage this setting, therefore I was wondering if we can control this from an Aruba WLAN perspective.

For guest accounts there is an option to allow 1 or multiple users/sessions to use the one guest account. I'm trying to find out if the same option is present for 802.1x computer certificates.

Guru Elite
Posts: 8,774
Registered: ‎09-08-2010

Re: limit the use of 1 computer certificate to 1 device

No, there is not.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
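
With no per-certificate session limit available on the WLAN side, concurrent use of one machine identity can still be detected from RADIUS accounting data. The following is an added example, not part of the original thread: it assumes accounting Start/Stop events have already been parsed into tuples and that the certificate's identity is what appears in User-Name. The sample events, host names and the function name are constructed.

```python
from collections import defaultdict

# Constructed sample events (not real logs):
# (timestamp, Acct-Status-Type, User-Name, Calling-Station-Id)
SAMPLE_EVENTS = [
    (100, "Start", "host/laptop-01.example.test", "AA-BB-CC-00-00-01"),
    (160, "Start", "host/laptop-02.example.test", "AA-BB-CC-00-00-02"),
    # Same machine identity appears from a second MAC while the first is active.
    (220, "Start", "host/laptop-01.example.test", "aa:bb:cc:00:00:99"),
    (300, "Stop",  "host/laptop-02.example.test", "AA-BB-CC-00-00-02"),
    # Same device reconnecting with its own identity: not an alert.
    (360, "Start", "host/laptop-02.example.test", "AA-BB-CC-00-00-02"),
    (400, "Stop",  "host/laptop-01.example.test", "AA-BB-CC-00-00-01"),
    (450, "Stop",  "host/laptop-01.example.test", "AA-BB-CC-00-00-99"),
]


def normalize_mac(mac):
    """Bring MAC notation to one form so the same device is not counted twice."""
    return mac.upper().replace(":", "-")


def find_shared_identities(events):
    """Return (timestamp, identity, [MACs]) each time one machine identity
    has open sessions from more than one client MAC at the same moment."""
    active = defaultdict(dict)  # identity -> {mac: open session count}
    alerts = []
    for ts, status, identity, mac in sorted(events):
        mac = normalize_mac(mac)
        sessions = active[identity]
        if status == "Start":
            sessions[mac] = sessions.get(mac, 0) + 1
            if len(sessions) > 1:
                alerts.append((ts, identity, sorted(sessions)))
        elif status == "Stop" and mac in sessions:
            sessions[mac] -= 1
            if sessions[mac] <= 0:
                del sessions[mac]
    return alerts


if __name__ == "__main__":
    for ts, identity, macs in find_shared_identities(SAMPLE_EVENTS):
        print(f"t={ts}: {identity} active from {len(macs)} devices: {macs}")
```

This reports after the fact and keys on the client MAC address, so it complements the non-exportable key setting rather than replacing it.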