How to delete duplicate Onboard device certificates

By esupport posted Aug 31, 2015 05:33 AM


During Onboard deployment testing or a user bringing a new device to the network, we may want to delete the old device/client certificates from ClearPass.

As a network Admin you would do that manually, however you would want an automatic way to do that.


So the question arises, how to delete old certificates from previous enrollments of a device automatically on ClearPass.


In ClearPass 6.5 onwards, we have a new checkbox under Onboard provisioning settings. If checked then old certificates from previous enrollments of a device will be automatically deleted.


In order to configure this setting please navigate to CPPM > Guest > Onboard > Deployment and Provisioning > Provisioning Settings > Select the provisioning profile > click edit > General tab > navigate to "Action" section 


We also have option to add a deletion delay. This will make sure that any duplicate certificates will be deleted after the specified number of days have passed, since device re-enrollment.