Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

OnBoard Cert Validity Period - Per Profile

This thread has been viewed 1 times

  • 1.  OnBoard Cert Validity Period - Per Profile

    Posted Aug 27, 2018 12:51 PM

    Is there a way to modify the onboard certficate validiation duration per profile created or is it strictly a global option (in OnBoard > Certificate Authorities > Local Certificate Authority)?

     

     



  • 2.  RE: OnBoard Cert Validity Period - Per Profile
    Best Answer

    EMPLOYEE
    Posted Aug 27, 2018 12:55 PM

    1) You should never use the default CA in production

    2) Return an application enforcement during Onboard pre-auth using the ClearPass:Session-Timeout attribute with a value in seconds (1 month = 2592000). The CA's maximum validity needs to be greater than or equal to any of these returned values.