  • 1.  Can you change the length of the certificate when using Cloud Auth with Entra ID?

    Posted Jul 30, 2024 12:23 PM

    When we use Cloud Auth with Entra ID, users will use the portal to register their devices and download the configuration file with the certificate. I see that the certificate is valid for 1 year. Is there a way to change the default validity period?



  • 2.  RE: Can you change the length of the certificate when using Cloud Auth with Entra ID?
    Best Answer

    Posted Jul 31, 2024 01:23 AM

    Currently you cannot change the default period.



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------



  • 3.  RE: Can you change the length of the certificate when using Cloud Auth with Entra ID?

    Posted Jul 31, 2024 08:03 AM

    Per changes by Google, Apple, and other browsers as well as the certificate authorities, public certificates are only being issued for 1-year periods by most certificate authorities, although up to 398 days are permitted. There appear to have been several reasons for this, including reducing exposure to compromised private keys and changes in encryption and hashing algorithms to ensure certificates are not using deprecated ciphers. Of course, the CAs are in agreement not only from a security standpoint, but due to product tying of automated certificate management platforms. With certificate prices becoming more competitive, the issuers are looking for additional revenue streams, thus automated management of certificates is a logical avenue to replace reduced income. The likelihood is that replacement periods will decrease; I've seen GoDaddy pushing 3-month certificates.




  • 4.  RE: Can you change the length of the certificate when using Cloud Auth with Entra ID?

    Posted Jul 31, 2024 06:57 PM

    Also note that Cloud Auth has automatic certificate management in most parts.






  • 5.  RE: Can you change the length of the certificate when using Cloud Auth with Entra ID?

    Posted Aug 01, 2024 07:43 AM

    That 398-day validity limit, and the proposals to go down to 90 or even 30 days, applies to public CAs. Cloud Authentication and Policy uses a private PKI, so it's not applicable.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------