Security

 View Only
Expand all | Collapse all

Clearpass overriding of client certificate ocsp URL

This thread has been viewed 8 times
  • 1.  Clearpass overriding of client certificate ocsp URL

    Posted Nov 30, 2021 11:50 AM
    Another quick question.

    We currently are using  eap-tls with CRL lists and the client certs do not have an ocsp url embedded in them
    If I set cppm up to use  eap-tls with ocsp and  configure it to  "override the certifiate ocsp url", will the cert validation work ( even if the clent cert doesnt have the ocsp url , assuming what cppm is talking to knows about the client cert?

    A

    ------------------------------
    Alex Sharaz
    ------------------------------


  • 2.  RE: Clearpass overriding of client certificate ocsp URL

    Posted Dec 01, 2021 08:35 AM
    I believe that the override works even if there is no OCSP data in the certificate. But it's simple to test if you have certificates without OCSP info.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------