Skip main navigation (Press Enter).

Become a Member

Security

View Only

Back to discussions

Expand all | Collapse all

CRL access options - Can ClearPass access CRL via LDAP?

Jump to Best Answer

This thread has been viewed 9 times

jafas1995Apr 03, 2025 12:54 AM

I have Microsoft PKI certs used for EAP-TLS. In the cert it lists URL's for CRL distribution via ldap ...

ahollifieldApr 03, 2025 09:25 AMBest Answer

I don't think ClearPass even looks at that attribute. You need to add the CRL manually: https://arubanetworking.hpe.com/techdocs/ClearPass/6.12/PolicyManager/Content/CPPM_UserGuide/Admin/CertificateRevocationListHelp.html ...

jafas1995Apr 03, 2025 04:24 PM

Thanks, we aim to use OCSP with CRL fallback. Was thinking that an LDAP option would have some advantages. ...

1. CRL access options - Can ClearPass access CRL via LDAP?

Kudos
jafas1995
Posted Apr 03, 2025 12:54 AM

Reply Reply Privately
I have Microsoft PKI certs used for EAP-TLS. In the cert it lists URL's for CRL distribution via ldap and http as well as ocsp via http. My question is for ClearPass, does it support pulling the CRL list via an ldap lookup? i.e. from the certs URL of URL=ldap:///CN=etc.etc.ect.
2. RE: CRL access options - Can ClearPass access CRL via LDAP?
Best Answer

Kudos
ahollifield

MVP EXPERT
Posted Apr 03, 2025 09:25 AM

Reply Reply Privately
I don't think ClearPass even looks at that attribute. You need to add the CRL manually: https://arubanetworking.hpe.com/techdocs/ClearPass/6.12/PolicyManager/Content/CPPM_UserGuide/Admin/CertificateRevocationListHelp.html

Original Message
3. RE: CRL access options - Can ClearPass access CRL via LDAP?

Kudos
jafas1995
Posted Apr 03, 2025 04:24 PM

Reply Reply Privately
Thanks, we aim to use OCSP with CRL fallback. Was thinking that an LDAP option would have some advantages.

Original Message

Contact

WW Corporate Headquarters - Spring, TX - United States
1701 E Mossy Oaks Rd
Spring, TX 77389

Disclaimer

The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.hpe.com for current and complete HPE Aruba Networking product lines and names.

Company

Environmental Citizenship

Terms of service

Support

Support Services

Contact Support

Training & Certification

Software Downloads

Licensing Login

Partners

Become a Partner

Partner Ready for Networking

Technology Partner Programs

Copyright 2024. All rights reserved.

Powered by Higher Logic

Global message icon