I don't think that works in Ubuntu like that, as I don't think there a certificate store like in Windows/Mac, but not an expert on this one.
You may ask Aruba Support if they know if it's possible, although I have not seen a configuration option for it. I would think having the certificate non-exportable for any platform that supports it would be the preferred way.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: May 10, 2023 06:19 AM
From: cstathis
Subject: Exporting OnBoard certificates
Hi Herman,
Thank you for your answer. It aligns with my discovery to date.
The next question is "can CPPM make the cert unexportable?" - after all, it is the issuing CA in this scenario.
Kind Regards,
Con Stathis
Director
ENACOM
+61 427 709 101
Original Message:
Sent: 5/5/2023 6:11:00 AM
From: Herman Robers
Subject: RE: Exporting OnBoard certificates
Don't think that is possible if users have root access. If you can store the certificate in a TPM or smart card, then it may be possible, but unsure if that's possible with Ubuntu.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: May 03, 2023 06:36 AM
From: cstathis
Subject: Exporting OnBoard certificates
I have a fleet of Ubuntu desktops that have been added to the network via the CPPM OnBoard process. I find that the certificate issued by ClearPass ito the Ubuntu desktop can be exported and imported to another Ubuntu desktop.. is there anyway we can make the certificate unexportable? Also we can integrate the onboard certificate and see the private key. Can this be stopped
------------------------------
Con
Stathis
------------------------------