Security

By using ClearPass, certificate is distributed to clients so that the client can access the network (EAP TLS). Clients can access the network by using distributed certificate. Once a client accessed the network, is there any way to deny that client  from accessing the network by making the distributed certificate invalid? Thanks in advance.

Hi Syazusyazu923,

of cause there is a way. Key words are CRL or OCSP.

Greetings

Thanks!

I will check the information about OCSD in ClearPass!

---

@airsecxd wrote:

Hi Syazusyazu923,

 

of cause there is a way. Key words are CRL or OCSP.

 

Greetings

---

Hi. I already configured authentication method to use the tls with ocsp enabled. In the ocsp settings, I inserted the ocsp URL, and successfully revoked the certificate. Unfortunately, I was unable to unrevoked the certificate so that the client can access the network again. Please give me some suggestion or hint. Thanks in advance!

As I understand certificate rules, revoke is one-way. To "unrevoke" you re-issue a new certificate.

As msabin stated, you can not "unrevoke".
Your client needs to request and receive a new certificate from the PKI.

Again, thanks a lot! Finally got the answer for my question!

Thank you very much!