  • 1.  CLEARPASS ONBOARD WITH WINDOWS CA

    Posted May 21, 2024 05:30 AM

    Hello Airheads,

    Quick question.

    Customer would like ClearPass Onboard to use Windows CA instead of Onboard CA.

    Is this possible?

    They want Apple macOS devices with AD user accounts registering with Onboard, but Onboard is pulling the user certs from Windows CA.

    Cheers

    Pete



  • 2.  RE: CLEARPASS ONBOARD WITH WINDOWS CA

    Posted May 21, 2024 06:05 AM

    Just a quick note: I have already explained that the Onboard CA is perfectly valid and recommended, but they are asking, is it possible?

    Cheers

    Pete




  • 3.  RE: CLEARPASS ONBOARD WITH WINDOWS CA

    Posted May 21, 2024 09:00 AM

    You can use a Windows PKI CA as the root with the Onboard enrolling CA as an intermediate, but you aren't going to directly issue the certificates from Windows ADCS to the clients.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 4.  RE: CLEARPASS ONBOARD WITH WINDOWS CA

    Posted May 21, 2024 09:32 AM

    Onboard CA may not have the necessary security protections and multi-tier PKI architecture that the Windows CA has. What is the use case for Onboard though? How are the Mac devices managed? Why not use an MDM instead?




  • 5.  RE: CLEARPASS ONBOARD WITH WINDOWS CA

    Posted May 21, 2024 09:32 AM

    Why not use an MDM instead?  




  • 6.  RE: CLEARPASS ONBOARD WITH WINDOWS CA

    Posted May 28, 2024 08:12 AM

    Check this Tech Note.

    As mentioned, using ADCS may or (more likely) may not be the best choice for you. But it is possible.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------