Security

Hello, I'm new to certificate based authentications so dont know much at this stage. What I want is that I have an 802.1X client for which I want to have get a client certificate from CPPM, with that certificate installed on the client machine, the client dont have to enter his/her username/password each time it has to authenticate. Do I need both the server and client certificates? If you can explain this scenario is a few clear steps would be much apreciated. Thanks.

You will need a PKI that gives you a user certificate.

 

ClearPass can do this via the onboarding module, this is used for byod enviroments.

 

In a corporate enviroment with AD joined devices, you can install a windows PKI and auto-enroll your clients with that PKI.

 

This is not basic stuff that can be explained in a couple of lines, but there is a good video on ABC the networking channel:

https://www.youtube.com/watch?v=buNyG5WneKY&list=PLsYGHuNuBZcb0xD05v9zdwv7NlUG_8oJS&index=9&t=563s 

To add to the post.. These are also nice video's:

https://youtu.be/kIba-HxQJ1k

Guys, thanks for the replies, I went through the videos but I dont have onboard or AD setup at the moment. My case is very simple, I just need it for test purpose. If I can get a single certificate for my wired client to test authentication against a clearPass server is all I need to know that our switch is ok with certificate based clients. Is this possible without having onboard and AD? I know the clearpass can act as a CA so I suppose it should be ok but can't seem to find how exactly.

 

Thanks,