Does CPPM support automatic revocation/deletion of certificates for inactive devices?

Aruba Employee

Environment: Customers implementing onboarding with ClearPass Policy Manager.

Answer: Starting with version 6.5, the Onboarding module in ClearPass Guest has an option to revoke certificates for inactive devices after a specified amount of time. This option is disabled by default.

For this feature to work, Insight must be enabled on this node, because the feature relies on Insight data. The node must also be configured as the Insight Master.

To configure this feature, navigate to the following location in the ClearPass Guest GUI:

Onboard -> Deployment and Provisioning -> Provisioning Settings -> Select the provisioning settings profile and click "Edit" -> On the General tab, scroll down to "Actions" -> At "Revoke Inactive", check the box for "Revoke certificates for inactive devices" to automatically revoke the certificates for devices after a period in which the device is not seen on the network.

Set the "Inactivity Period" in days based on your requirements. If a device does not authenticate on the network within this period, its certificate will be revoked.
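Before enabling the option on a deployment that already has onboarded devices, it helps to estimate which certificates would fall outside a candidate inactivity period. The sketch below is an added example, not Aruba or ClearPass code: the CSV layout, column names, sample rows and the fixed "current time" are constructed assumptions standing in for whatever last-authentication data you export.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample data. The column names are assumptions for this example,
# not a ClearPass or Insight export format.
SAMPLE_EXPORT = """device,cert_serial,last_auth
laptop-01,1001,2015-03-30T08:15:00
phone-07,1002,2014-09-01T12:00:00
tablet-03,1003,
printer-02,1004,2014-12-01T09:00:00
kiosk-05,1005,2014-06-15T00:00:00
"""
NOW = datetime(2015, 4, 5, 23, 35)  # constructed "current time" for the sample


def revocation_preview(export_text, inactivity_days, now=NOW):
    """Sort devices into keep / revoke / unknown for a candidate inactivity period."""
    cutoff = now - timedelta(days=inactivity_days)
    preview = {"keep": [], "revoke": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(export_text)):
        stamp = (row.get("last_auth") or "").strip()
        if not stamp:
            # No authentication record. How the product treats this case is not
            # stated on the page, so flag it for manual review instead of guessing.
            preview["unknown"].append(row["device"])
            continue
        last_auth = datetime.fromisoformat(stamp)
        idle_days = (now - last_auth).days
        # Assumption: a device counts as inactive once its last authentication
        # is older than the cutoff.
        bucket = "revoke" if last_auth < cutoff else "keep"
        preview[bucket].append((row["device"], idle_days))
    # Longest-idle devices first, so owners can be contacted in priority order.
    preview["revoke"].sort(key=lambda item: item[1], reverse=True)
    return preview


if __name__ == "__main__":
    for days in (90, 180):
        result = revocation_preview(SAMPLE_EXPORT, days)
        print(f"{days} days: revoke={result['revoke']} unknown={result['unknown']}")
```

Running the preview for several candidate periods shows how many existing devices each setting would affect before the box is checked.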



Version history: Revision 1 of 1. Last update: 04-05-2015 11:35 PM

We have 600 licenses being used currently and we don't want to cause impact to those users/devices. Will changing this setting, which is currently blank/not used, cause any effect to the existing users/devices?


For example, if we check the box to enable revoking unused licenses, and set it to occur at 180 days, will currently allocated licenses be affected?

Existing certificates will be revoked after 180 days of inactivity.

Are currently onboarded users/devices affected by the change?



Yes, they will be evaluated.
