Occasional Contributor II

CPPM, EAP-TLS and expired user certificate

Hi everyone!

I need to allow limited access to users who have expired certificates issued by the corporate AD CA with ClearPass 6.8. My first try was to check the error code ClearPass returns, but suddenly the error number was not the expected 212 (client certificate expired) but 215 (TLS session error). My next idea was to check whether the certificate "not-valid-after" field is lower than "now", but it turns out that I need to specify a precise date in such a rule.

Are there any other ideas for how I can allow access for such users using EAP-TLS?

Thank you

Accepted Solutions
Moderator

Re: CPPM, EAP-TLS and expired user certificate

Expired certificates cannot pass authentication by design. You can write rules that try and catch certificates near expiration though.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |



All Replies
Occasional Contributor II

Re: CPPM, EAP-TLS and expired user certificate

Thank you, Tim.

https://community.arubanetworks.com/t5/Security/Handling-certificate-expiration/td-p/93548 helped me with catching users before certificate expiration.
