  • 1.  CPPM, EAP-TLS and expired user certificate

    Posted Jun 05, 2019 12:47 PM
    Hi everyone!

    I need to allow limited access to users who have expired certificates issued by the corporate AD CA with ClearPass 6.8. My first try was to check the error code ClearPass returns, but suddenly the error number was not the expected 212 (client certificate expired) but 215 (TLS session error). My next idea was to check whether the certificate "not-valid-after" field is lower than "now", but it turns out that I need to specify a precise date in such a rule.

    Are there any other ideas on how I can allow access for such users using EAP-TLS?

    Thank you


  • 2.  RE: CPPM, EAP-TLS and expired user certificate
    Best Answer

    Posted Jun 05, 2019 12:49 PM
    Expired certificates cannot pass authentication by design. You can write rules that try and catch certificates near expiration though.


  • 3.  RE: CPPM, EAP-TLS and expired user certificate

    Posted Jun 07, 2019 03:05 AM

    Thank you, Tim.

    https://community.arubanetworks.com/t5/Security/Handling-certificate-expiration/td-p/93548 helped me with catching users before certificate expiration.
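
An added example, not part of the thread and not ClearPass configuration: the kind of relative check the reply in post 2 points to, classifying certificates by the time left until notAfter instead of comparing against a hard-coded date. The inventory, the 30-day window and the state names are assumptions made for illustration.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Constructed sample inventory: (user, notAfter) in the text form OpenSSL prints.
SAMPLE_INVENTORY = [
    ("alice", "Jun 20 12:00:00 2019 GMT"),
    ("bob",   "Jun  1 08:30:00 2019 GMT"),
    ("carol", "Mar 15 00:00:00 2020 GMT"),
]


def classify(not_after: str, now: datetime, window: timedelta) -> str:
    """Return 'expired', 'near-expiry' or 'valid' for one certificate.

    The comparison is relative to `now`, so the rule never needs a fixed date.
    """
    # ssl.cert_time_to_seconds parses the "Mon DD HH:MM:SS YYYY GMT" form as UTC.
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after),
                                     tz=timezone.utc)
    if now > expires:
        # Past notAfter: EAP-TLS fails in the handshake, before any policy runs.
        return "expired"
    if expires - now <= window:
        # Still authenticates; this is the last point where policy can react.
        return "near-expiry"
    return "valid"


def audit(inventory, now, window=timedelta(days=30)):
    """Map each user to the state of their certificate (hypothetical helper)."""
    return {user: classify(not_after, now, window)
            for user, not_after in inventory}


if __name__ == "__main__":
    # Constructed "now", chosen to match the date of the first post.
    now = datetime(2019, 6, 5, 12, 47, tzinfo=timezone.utc)
    for user, state in audit(SAMPLE_INVENTORY, now).items():
        print(f"{user}: {state}")
```
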