03-21-2017 08:13 AM
Currenly I'm in the progress of setting up an environment with computer based certificates. The devices themselves are not joined to the AD domain, but are member of a specific OU group so they can be validated using Micosoft RADIUS (no ClearPass).
An important requirement is to be able to ensure a computer certificate can only be used by one device at a time.
The reason is to prevent multiple devices using the same computer certificate in case the cert is being cloned. Every device is required to have a unique certificate.
It would be even better if there is a possibility to have a device only be authenticated based on the computer certificate that has been assigned to the device itself. So that it is not being able to authenticate with a valid certificate that is assigned to another device.
Solved! Go to Solution.
03-21-2017 12:23 PM
thanks for your quick response. I'm aware if this option when creating certificates. There is the possibility that we do not manage this setting, therefore I was wondering if we can control this from an Aruba WLAN perpective.
For guest accounts there is an option to allow 1 or multiple users/sessions to use the one guest account. I'm trying to find out if the same option is present for 802.1x computer certificates.