Hi all,
I just configured the authentication method to combine ClearPass with our OCSP server to validate the device certificates using this default service:
Authentication Method > [EAP-TLS With OCSP Enabled]
I use this option to validate if the used certificate is not revoked by the CA.
By setting the 'Verify Certificate using OCSP' to 'Optional' I was hoping that the certificate would be validated against our OCSP server IF the server is available. If the server is offline, I would like ClearPass to skip the OCSP validation and just continue on. This doesn't appear to be the case, as access is rejected when I set the OCSP URL to a random IP, not the OCSP server.
Test with random server as OCSP (simulating an offline OCSP server):
My question: How do I configure EAP-TLS With OCSP to skip the validation IF the OCSP server is not available?
Thanks in advance!
------------------------------
Lex
------------------------------