Hi Tim,
Waiting for your reply
Like Tim explained, you can't use profiling to validate or check a certificate on a particular device.
To check or validate a certificate on a machine you need to configure OCSP or CRL; OCSP is more effective.
Hi Victor, I don't want to validate the certificate.
The requirement is to see, if a machine is discovered as a Laptop by DHCP profiling, can we see the domain attribute of the machine, or is there any way to see the FQDN of the machine?
Why do you need the FQDN?
To my understanding, you need to separate internal devices with an expired certificate from external devices, is this correct?
If this is correct, the device was successfully authenticated before (before the certificate was expired). Would it be possible to use the endpoint database and insert a new attribute, e.g. internal (with just true and false as value), and each time a MAC address is authenticated successfully with a certificate you set this attribute to true?
If the device comes back with an expired certificate you just check this attribute and if the attribute is true, you know it is an internal device.
Just my 2 cents :)
My recommendation would be to protect the guest network with a captive portal, and if an internal user enters his AD (I assume you use Active Directory) credentials he gets online to renew the expired certificate.