Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

CPPM for EAP-TLS

  • 1.  CPPM for EAP-TLS

    Posted Apr 18, 2019 06:35 AM

    Hello,

    We will be rolling out NAC for wired, and for dot1x we proposed EAP-TLS (machine certificate).

    So ClearPass needs to be integrated with the certificate server, and every time a machine connects it queries the certificate server for cert validation?

    Or we put the root CA server certificate on ClearPass and there is no need to integrate the CA server?

    I need to know the authentication source for EAP-TLS.



  • 2.  RE: CPPM for EAP-TLS

    Posted Apr 18, 2019 07:10 AM
    You need to add the Root/Intermediate CA to ClearPass.
    It's advisable to validate the certificate using SCEP or a CRL. Also keep in mind that by default ClearPass will check the certificate only and not the computer account status.
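
The difference between trusting the root CA and also checking revocation can be reproduced offline with OpenSSL. This is an added example, not part of the thread and not ClearPass configuration; the lab CA, the machine name `pc01.lab.example` and all file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: constructed lab PKI, every name and file below is made up.
# Shows that a trusted root alone still accepts a revoked machine certificate;
# only a check against the CA's CRL rejects it.
eap_tls_trust_demo() (
  d=$(mktemp -d) && cd "$d" || exit 1
  : > index.txt                      # empty CA database, required by `openssl ca`
  cat > pki.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
commonName = Common Name
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[ ca ]
default_ca = lab
[ lab ]
database = index.txt
default_md = sha256
default_crl_days = 7
EOF
  q() { "$@" >/dev/null 2>&1; }      # run a command quietly, keep its exit status
  # Root CA: the trust anchor that would be imported into the NAC server.
  q openssl req -x509 -config pki.cnf -newkey rsa:2048 -nodes -days 30 \
      -keyout ca.key -out ca.pem -subj "/CN=Lab Root CA" || exit 1
  # Machine certificate issued by that root.
  q openssl req -config pki.cnf -newkey rsa:2048 -nodes \
      -keyout pc.key -out pc.csr -subj "/CN=pc01.lab.example" || exit 1
  q openssl x509 -req -in pc.csr -CA ca.pem -CAkey ca.key \
      -set_serial 4097 -days 7 -out pc.pem || exit 1
  # Chain validation needs only the root certificate, no call to the CA server.
  chain() { q openssl verify -CAfile ca.pem pc.pem && echo ok || echo fail; }
  before=$(chain)
  # The CA revokes the machine certificate and publishes a CRL.
  q openssl ca -config pki.cnf -cert ca.pem -keyfile ca.key -revoke pc.pem || exit 1
  q openssl ca -config pki.cnf -cert ca.pem -keyfile ca.key -gencrl -out ca.crl || exit 1
  after=$(chain)                     # chain-only check cannot see the revocation
  if openssl verify -crl_check -CAfile ca.pem -CRLfile ca.crl pc.pem 2>&1 \
      | grep -q "certificate revoked"; then crl=revoked; else crl=not_revoked; fi
  echo "chain_before_revoke=$before chain_after_revoke=$after with_crl=$crl"
  cd / && rm -rf "$d"
)

eap_tls_trust_demo
```

Neither check says anything about whether the computer account is still enabled in the directory, which is the separate point made in the reply above.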