What is the code-signing certificate used for in Clearpass Quickconnect implementation?

By vikrams@aruba posted Nov 13, 2014 07:25 PM

  

Code signing certificate is used to digitally sign the Windows QuickConnect application on Clearpass. This is so you don't get the dreaded "Untrusted Publisher" warning when trying to run the Windows app. 

The Best practice would be to have the Onboard Code-signing certificate issued by a "well known" CA e.g. Verisign, Thawte, GoDaddy etc.

 

 

 

If the code-signing certificate is signed by internal CA or CA's other than Public CA which are not on the trust list on the device and when the Quickconnect application gets sent down to the client, the client doesn’t have the CA certs in trust chain yet.

Client then encounters the "Untrusted Publisher" warning. So the code-signing certificate should be directly issued by a trusted 3rd party CA so windows trusts the publisher, then we can launch the Quickconnect App and get all the certs in the chain of trust.

 

4 comments
0 views

Comments

Nov 04, 2015 07:31 PM

Entrust

Thanks
Ken

Nov 04, 2015 07:18 PM

What CA are you using?

Nov 04, 2015 07:15 PM

Hi there,

 

Is there a procedure on how manage/implement the code signing?

 

I have already completed the public signing for the HTTPS/Radius portion of the Clearpass but not seeing how to complete the code signing part. 

 

Thanks

Ken