Valued Contributor I

Can CPPM act as an ocsp serverCan CPPM act as an ocsp service

Having just created my own root/intermediate CA certs and used them to generate a client cert for EAP-TLS usage, I now need to implement some form of CRL  setup for these certs. I notice that under CPPM/Admin/Certificates there is an entry for revocation lists but wondered if CPPM had ocspd capabilites.


I've found config entries under the radius server section that suggests cppm can talk to an external ocsp service so I'm guessing that that answer is no but thought I'd check..... and just found that the EAP-TLS with ocsp method seems to point to a localhost URL .. so maybe it does ....


... more reading methinks





Guru Elite

Re: Can CPPM act as an ocsp serverCan CPPM act as an ocsp service

ClearPass can be an OCSP responder for its own CAs or it can check certificate status using an external OCSP responder during authentication.


| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Valued Contributor I

Re: Can CPPM act as an ocsp serverCan CPPM act as an ocsp service

Yup, just found the Cetificate Authority stuff in the Clearpass Onboard section.


Bit happier with what's available in Clearpass to the ocspd stuff I was looking at, as its GUI based and the rest of the network team can use it.


Intention is to roll out EAP-TLS certificates for whole batch of devices from "Android on a  stick" kit that'll provide Information display devices round the campus to wireless VOIP phones to wired IP phones so I think using the Clearpass Onboard part of CPPM to generate/manage certs which are then used to auth to the network via policy manager sounds the way to go


Search Airheads
Showing results for 
Search instead for 
Did you mean: