last person joined: 14 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

OnBoard Cert Validity Period - Per Profile

Jump to Best Answer
  • 1.  OnBoard Cert Validity Period - Per Profile

    Posted Aug 27, 2018 12:51 PM

    Is there a way to modify the onboard certficate validiation duration per profile created or is it strictly a global option (in OnBoard > Certificate Authorities > Local Certificate Authority)?



  • 2.  RE: OnBoard Cert Validity Period - Per Profile
    Best Answer

    Posted Aug 27, 2018 12:55 PM

    1) You should never use the default CA in production

    2) Return an application enforcement during Onboard pre-auth using the ClearPass:Session-Timeout attribute with a value in seconds (1 month = 2592000). The CA's maximum validity needs to be greater than or equal to any of these returned values.