Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

setup EAP-TLS with OCSP but no auth source on ClearPass

  • 1.  setup EAP-TLS with OCSP but no auth source on ClearPass

    Posted Apr 06, 2021 05:52 AM

    Hi

    Anyone done this before? We only want ClearPass to check if the cert is OK.



    ------------------------------
    Sebastian Johansen
    ------------------------------


  • 2.  RE: setup EAP-TLS with OCSP but no auth source on ClearPass

    MVP EXPERT
    Posted Apr 06, 2021 10:19 AM
    Yes, this is the most common deployment.

    ------------------------------
    Tim C
    ------------------------------



  • 3.  RE: setup EAP-TLS with OCSP but no auth source on ClearPass

    Posted Apr 07, 2021 01:23 AM
    Oh, how about that. You don't have a step-by-step setup for this? Fairly new to ClearPass.

    ------------------------------
    Sebastian Johansen
    ------------------------------



  • 4.  RE: setup EAP-TLS with OCSP but no auth source on ClearPass

    Posted Apr 07, 2021 02:59 AM
    The setup is actually very simple, you just have to allow authentication based on details of the certificate.

    Have you already started building this, or are you stuck somewhere in the process?

    There is a good explanation of the different steps, including 802.1X configuration, in this document:


    ------------------------------
    Aruba ACEX #105 (ACCX/ACDX/ACMX) | Master ASE | Consultant @ PQR
    ------------------------------



  • 5.  RE: setup EAP-TLS with OCSP but no auth source on ClearPass

    EMPLOYEE
    Posted Apr 07, 2021 03:23 AM
    Most important step is to create a new EAP-TLS Authentication method that has Authorization disabled (and OCSP enabled). The Authorization required option controls if a check is done to an authentication source.


    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------



  • 6.  RE: setup EAP-TLS with OCSP but no auth source on ClearPass

    Posted Apr 07, 2021 05:08 AM

    Thanks, removed the authorization required now.

    On the service part, which authentication sources should we have? Currently it is set to "local user repository".



    ------------------------------
    Sebastian Johansen
    ------------------------------



  • 7.  RE: setup EAP-TLS with OCSP but no auth source on ClearPass

    EMPLOYEE
    Posted Apr 07, 2021 05:46 AM
    Local User Repository is fine, in fact, I recently found out that when using EAP-TLS without authorization, you can even leave the authentication sources empty. But before, I just put in something like Local Users or Endpoint Repository, as it is not used anyway.

    ------------------------------
    Herman Robers
    ------------------------------
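
With authorization disabled, as described in this thread, the certificate chain and the OCSP answer are the only access decision, so it is worth confirming that a revoked or unknown certificate is actually refused. The following lab is an added example, not part of the thread and not ClearPass code: it uses `openssl` only, and the function names, directory layout, serial numbers and the choice to fail closed on anything other than "good" are assumptions of this sketch.

```shell
#!/bin/sh
# Constructed lab, not ClearPass code: throwaway CA, three client certs,
# and a hand-written CA database that the OCSP responder answers from.
make_lab() {  # $1 = working directory
  d=$1; mkdir -p "$d"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign,digitalSignature\n' > "$d/ca.ext"
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Lab CA" \
    -keyout "$d/ca.key" -out "$d/ca.csr" 2>/dev/null
  openssl x509 -req -in "$d/ca.csr" -signkey "$d/ca.key" -days 30 \
    -extfile "$d/ca.ext" -out "$d/ca.pem" 2>/dev/null
  for n in 1001 1002 1003; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=device-$n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
    openssl x509 -req -in "$d/$n.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
      -set_serial "0x$n" -days 30 -out "$d/$n.pem" 2>/dev/null
  done
  # index.txt fields: status, expiry, revocation time, serial, file, subject.
  # 1001 is valid, 1002 is revoked, 1003 is deliberately absent (unknown).
  printf 'V\t400101000000Z\t\t1001\tunknown\t/CN=device-1001\n' > "$d/index.txt"
  printf 'R\t400101000000Z\t250101000000Z\t1002\tunknown\t/CN=device-1002\n' >> "$d/index.txt"
}

ocsp_status() {  # $1 = lab dir, $2 = serial; prints good, revoked or unknown
  d=$1; c="$d/$2.pem"
  # Build the request, answer it offline from index.txt, then verify the reply.
  openssl ocsp -no_nonce -issuer "$d/ca.pem" -cert "$c" -reqout "$d/req.der" >/dev/null 2>&1
  openssl ocsp -index "$d/index.txt" -CA "$d/ca.pem" -rsigner "$d/ca.pem" -rkey "$d/ca.key" \
    -reqin "$d/req.der" -respout "$d/resp.der" >/dev/null 2>&1
  openssl ocsp -no_nonce -issuer "$d/ca.pem" -cert "$c" -respin "$d/resp.der" \
    -CAfile "$d/ca.pem" 2>/dev/null | sed -n '1s/.*: //p'
}

eap_tls_decision() {  # hypothetical helper: certificate-only access decision
  openssl verify -CAfile "$1/ca.pem" "$1/$2.pem" >/dev/null 2>&1 \
    || { echo reject-chain; return; }
  case "$(ocsp_status "$1" "$2")" in
    good) echo accept ;;
    *)    echo reject-ocsp ;;  # revoked, unknown or no answer: fail closed
  esac
}

lab=$(mktemp -d) && make_lab "$lab"
for s in 1001 1002 1003; do echo "device-$s: $(eap_tls_decision "$lab" "$s")"; done
rm -rf "$lab"
```

All three certificates chain to the same CA, so only the OCSP status separates the accepted device from the two rejected ones.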