Security

 View Only
last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

ClearPass Onboard iOS - Install root certificate twice?

This thread has been viewed 1 times

  • 1.  ClearPass Onboard iOS - Install root certificate twice?

    Posted Sep 08, 2015 11:01 PM

    When provisioning an iOS device through onboard, why does the root CA certificate get installed twice?

     

    1) At the logon prompt, there is a button to 'Install root certificate'

    2) Before installing the profile the same certificate is installed with the message:

    'Install certificate to continue device configuration'



  • 2.  RE: ClearPass Onboard iOS - Install root certificate twice?
    Best Answer

    EMPLOYEE
    Posted Sep 08, 2015 11:03 PM
    There is usually the root certificate then the root signing certificate. One is for the actual client cert itself and the other is for the profile/enrollment.


    Thanks,
    Tim


  • 3.  RE: ClearPass Onboard iOS - Install root certificate twice?

    Posted Sep 08, 2015 11:06 PM

    Aah, that makes sense:

     

    In our case, we are using the same Root CA for both purposes:

     

    Profile Signing:

    Corp Root CA

    -> ClearPass Profile Signing CA

     

    Certificate Enrollment:

    Corp Root CA

    -> Corp Issuing CA

    --> Client Certs (Enrolled by ADCS)