We are implementing AirWatch to manage MobilePOS iPods, sales teams' iPads, and other devices. In addition, we're using ClearPass OnBoard to give unique certificate for EAP-TLS authentication on wireless. I know that AirWatch can use an SCEP provider and I believe ClearPass can be that SCEP provider as of v6.3.0. Has anyone set this up? My ideal is to have device enroll in AirWatch then be able to push a ClearPass cert to the device along with wireless settings, similar to what we currently do in the ClearPass OnBoard process, but without the manual onboarding.
Would there be any chance to find where this document is now. It seems to have moved.
Take a look at my TehNote that Victor refences..the SCEP section is right the end and covers MobileIron and AirWatch in detail.
Great tech note Danny Jump! Related question: is end device getting the certificate by communicating directly with CPPM or is it getting it from the AirWatch which is in turn getting it from CPPM? We tested with an iPhone that was enrolled in AirWatch but the iPhone was unable to pull the cert until we put it on wireless network where it could reach CPPM directly.
Thanks for the feedback..!!
Does the diagram at the top of Page-47 not provide the info requested?
In working with this some more, I'm seeing some online articles referring to security problems in SCEP. I'm trying to learn more about how SCEP works in general and specifically with ClearPass. I don't seem to find entries in Access Tracker for SCEP requests coming from an iPad that is being directed to my ClearPass from an Airwatch policy. Where can I see in some logs what's going on? How can I lock down who or what can request an SCEP cert?
Hope your well.... good to catchup at Aireheads.
You can find the logging requests for the SCEP enrollement in /guest side of the house.
Look under Administration/Support/Application Log
You might have to go into the plug-ins and enable 'deeper' logging if you need more than the standard logging.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2021 Hewlett Packard Enterprise Development LPAll Rights Reserved.