By using ClearPass, a certificate is distributed to clients so that the clients can access the network (EAP-TLS). Clients can access the network by using the distributed certificate. Once a client has accessed the network, is there any way to deny that client access to the network by making the distributed certificate invalid? Thanks in advance.
Of course there is a way. Keywords are CRL or OCSP.
I will check the information about OCSP in ClearPass!
@airsecxd wrote: Hi Syazusyazu923, of course there is a way. Keywords are CRL or OCSP. Greetings
Hi. I already configured the authentication method to use TLS with OCSP enabled. In the OCSP settings, I inserted the OCSP URL, and successfully revoked the certificate. Unfortunately, I was unable to unrevoke the certificate so that the client can access the network again. Please give me some suggestions or hints. Thanks in advance!
As I understand certificate rules, revoke is one-way. To "unrevoke" you re-issue a new certificate.
As msabin stated, you cannot "unrevoke". Your client needs to request and receive a new certificate from the PKI.
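The revoke-then-re-issue flow described in the replies above, as an added illustration that is not part of any post in this thread and is not ClearPass configuration. It builds a throwaway OpenSSL CA and checks certificates against a CRL (one of the two mechanisms named above); the CA name, the file labels `old`/`new` and the `client1` CN are made up for the demo.

```bash
# Constructed lab PKI in a temp dir; every name and path here is made up for the demo.
LAB=$(mktemp -d)
setup_ca() {
  mkdir -p "$LAB/newcerts"; : > "$LAB/index.txt"
  echo 1000 > "$LAB/serial"
  cat > "$LAB/ca.cnf" <<EOF
[ ca ]
default_ca = lab_ca
[ lab_ca ]
database = $LAB/index.txt
new_certs_dir = $LAB/newcerts
serial = $LAB/serial
certificate = $LAB/ca.crt
private_key = $LAB/ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
unique_subject = no
policy = policy_any
[ policy_any ]
commonName = supplied
[ req ]
distinguished_name = dn
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Lab CA" -config "$LAB/ca.cnf" \
    -extensions v3_ca -keyout "$LAB/ca.key" -out "$LAB/ca.crt" 2>/dev/null
  openssl ca -config "$LAB/ca.cnf" -gencrl -out "$LAB/crl.pem" 2>/dev/null
}
issue_cert() {   # $1 = file label, $2 = subject CN
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" -config "$LAB/ca.cnf" \
    -keyout "$LAB/$1.key" -out "$LAB/$1.csr" 2>/dev/null
  openssl ca -batch -config "$LAB/ca.cnf" -notext -in "$LAB/$1.csr" -out "$LAB/$1.crt" 2>/dev/null
}
revoke_cert() {  # mark the cert revoked in the CA database, then publish a fresh CRL
  openssl ca -config "$LAB/ca.cnf" -revoke "$LAB/$1.crt" 2>/dev/null
  openssl ca -config "$LAB/ca.cnf" -gencrl -out "$LAB/crl.pem" 2>/dev/null
}
check_cert() {   # what a CRL-checking verifier decides: "valid" or "rejected"
  if openssl verify -crl_check -CAfile "$LAB/ca.crt" -CRLfile "$LAB/crl.pem" \
       "$LAB/$1.crt" >/dev/null 2>&1; then echo valid; else echo rejected; fi
}
setup_ca
issue_cert old client1;  echo "before revocation: $(check_cert old)"
revoke_cert old;         echo "after revocation:  $(check_cert old)"
issue_cert new client1;  echo "re-issued cert:    $(check_cert new)"
```

The old certificate stays rejected for as long as the verifier sees the current CRL; access for the same client comes back only through the newly issued certificate.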
Again, thanks a lot! Finally got the answer for my question!
Thank you very much!