Occasional Contributor II

CPPM, EAP-TLS and expired user certificate

Hi everyone!

I need to allow limited access to users who have expired certificates issued by the corporate AD CA, with ClearPass 6.8. My first try was to check the error code ClearPass returns, but suddenly the error number was not the expected 212 (client certificate expired) but 215 (TLS session error). My next idea was to check whether the certificate's "not-valid-after" field is lower than "now", but it turns out that I need to specify a precise date in such a rule.

Are there any other ideas on how I can allow access for such users using EAP-TLS?

Thank you
Guru Elite

Re: CPPM, EAP-TLS and expired user certificate

Expired certificates cannot pass authentication by design. You can write rules that try and catch certificates near expiration though.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: CPPM, EAP-TLS and expired user certificate

Thank you, Tim.

https://community.arubanetworks.com/t5/Security/Handling-certificate-expiration/td-p/93548 helped me with catching users before certificate expiration.
