I have a fleet of Ubuntu desktops that have been added to the network via the CPPM OnBoard process. I find that the certificate issued by ClearPass ito the Ubuntu desktop can be exported and imported to another Ubuntu desktop.. is there anyway we can make the certificate unexportable? Also we can integrate the onboard certificate and see the private key. Can this be stopped
Don't think that is possible if users have root access. If you can store the certificate in a TPM or smart card, then it may be possible, but unsure if that's possible with Ubuntu.
I don't think that works in Ubuntu like that, as I don't think there a certificate store like in Windows/Mac, but not an expert on this one.You may ask Aruba Support if they know if it's possible, although I have not seen a configuration option for it. I would think having the certificate non-exportable for any platform that supports it would be the preferred way.
I'll take it up with TAC. Agreed, it would be nice to have the certificate non-exportable for all platforms that support it.
Mobile: +61 427 709 101
© Copyright 2023 Hewlett Packard Enterprise Development LPAll Rights Reserved.