Thanks man, I just needed to know this part. I already have the first one set up, which is the EAP-TLS one with the Windows PKI.
Now I will configure the Onboard part for the non-Windows devices. I just wanted to be sure which was the best and correct way to do it.
Original Message:
Sent: Apr 27, 2023 02:12 PM
From: bd_87
Subject: Clearpass Onboard for cellphones
Absolutely. And this is a common setup. Internal PKI for Windows and ClearPass Onboard CA for non-Windows / non-managed devices.
------------------------------
ACNSP | ACCP | ACMP | ACEP
Original Message:
Sent: Apr 27, 2023 02:08 PM
From: cdelarosa
Subject: Clearpass Onboard for cellphones
Can my ClearPass be a CA for the cellphones, tablets and all that?
And the ClearPass can still be the RADIUS server for the Windows devices? I mean, Windows devices like the laptops and workstations will still have the Windows CA, and my certificate in the certificate store in the Policy Manager will still be the one that the Windows CA signed for me?
Original Message:
Sent: Apr 27, 2023 02:01 PM
From: bd_87
Subject: Clearpass Onboard for cellphones
Yes, you can use ClearPass to onboard these devices and set it up so that rather than ClearPass being the CA, it will request certs from the Windows CA.
However, this is not a recommended practice with non-corporate-managed devices. Using the ClearPass Onboard CA gives you a trust separation from your domain and non-corporate devices.
------------------------------
ACNSP | ACCP | ACMP | ACEP
Original Message:
Sent: Apr 27, 2023 01:23 PM
From: cdelarosa
Subject: Clearpass Onboard for cellphones
Hello, I've got a few questions.
We have this client which has a Windows CA, and they are already distributing their certificates with their CA with Windows.
They have ClearPass, which requests the certificate from the Windows CA, and everything works great.
They are using EAP-TLS.
Now they want to use devices like cellphones and tablets, but we need to distribute the certificates to those devices. Windows cannot do it, because they are not in the domain.
They have some Onboard license and I was wondering if that could work for those devices only, to use the Onboard license but for just those cellphones.
Is this scenario possible, in which they have Windows distributing the certificates through AD and somehow have ClearPass distributing the user certificates to those cellphones with the Onboard license?