The customer wants to use Machine Certificate & User Certificate for authentication.
Due to policy, the customer wants to use a Machine certificate from one CA (e.g. CA-1) and a User certificate from another CA (e.g. CA-2).
So from the ClearPass point of view, my understanding is that we need a RADIUS server certificate from CA-1 for Machine authentication and a RADIUS server certificate from CA-2 for User authentication.
Is this feasible using 6.8.x?
Thanks in advance
I agree we need to upload both CA certificates to the Trust List.
For EAP-TLS we need to upload a RADIUS server certificate by submitting a CSR from CPPM to each CA, right?
OK, I understand now. We can use a RADIUS server certificate from any CA, as we use the server certificate to validate the RADIUS server.
As both Machine & User use the same RADIUS server, that is CPPM, we can use a RADIUS server certificate from any CA to do the needful.
Both CA certificates in the Trust List of CPPM will validate both the Machine & User certificates presented by the client device.
Hope my understanding is correct. Please correct me if my understanding is wrong.
The client will send a certificate from 2 different CAs, so that is why CPPM needs to add them to its trust list.
You can serve both requests from 1 service, just make different rules where you identify the certificate from each request.
In both situations, the clients will be presented the same "server" certificate, installed in CPPM as a RADIUS certificate. So the clients just need to trust this 1 certificate (chain).
Thanks a lot :-)
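The arrangement discussed in this thread, as an added example that is not part of the original posts and is not ClearPass configuration: a constructed lab PKI built with the `openssl` CLI, where one trust list holds both client-issuing CAs, a single rule set branches on the validated issuer, and all clients validate the same server certificate. The names CA-3, host-pc01, alice, intruder and radius-server are made up for the demonstration.

```shell
#!/bin/sh
# Constructed lab PKI (names are placeholders): CA-1 issues machine certs,
# CA-2 issues user certs, CA-3 is an untrusted CA used as a negative case.
set -e
D=$(mktemp -d); trap 'rm -rf "$D"' EXIT

mkca() {   # $1 = CA common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$D/$1.key" -out "$D/$1.pem" 2>/dev/null
}
issue() {  # $1 = issuing CA, $2 = subject common name
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$D/$2.key" -out "$D/$2.csr" 2>/dev/null
  openssl x509 -req -in "$D/$2.csr" -CA "$D/$1.pem" -CAkey "$D/$1.key" \
    -CAcreateserial -days 1 -out "$D/$2.pem" 2>/dev/null
}

for ca in CA-1 CA-2 CA-3; do mkca "$ca"; done
issue CA-1 host-pc01        # machine certificate
issue CA-2 alice            # user certificate
issue CA-3 intruder         # issued by a CA that is not in the trust list
issue CA-1 radius-server    # the one server certificate (could equally come from CA-2)

# Server side: the trust list holds both client-issuing CAs.
cat "$D/CA-1.pem" "$D/CA-2.pem" > "$D/trust.pem"

# Validate the chain first, then branch on the issuer (one service, two rules).
classify() {  # $1 = client certificate file; prints machine | user | reject
  openssl verify -CAfile "$D/trust.pem" "$D/$1" >/dev/null 2>&1 || { echo reject; return 0; }
  issuer=$(openssl x509 -in "$D/$1" -noout -issuer -nameopt RFC2253 | sed 's/^issuer= *//')
  case "$issuer" in
    CN=CA-1) echo machine ;;
    CN=CA-2) echo user ;;
    *)       echo reject ;;
  esac
}

# Client side: every supplicant only needs the chain of the one server certificate.
client_trusts_server() {  # prints yes | no
  if openssl verify -CAfile "$D/CA-1.pem" "$D/radius-server.pem" >/dev/null 2>&1
  then echo yes; else echo no; fi
}

for c in host-pc01.pem alice.pem intruder.pem; do echo "$c -> $(classify "$c")"; done
echo "server cert trusted by clients: $(client_trusts_server)"
```

The issuer match only runs after chain validation succeeds, so a certificate whose issuer name merely reads CA-1 but was signed by a different key is rejected before the rule is evaluated.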