@matt Finnie wrote:
The issue is not with the issuing of certs but with authenticating machines with certificates. How can ClearPass verify certificates?
Matt,
To authenticate Machine Certs issued from Active Directory, CPPM would only need:
- A server certificate that is trusted by the clients (ideally it would be issued by the AD enterprise CA)
- The CA cert that issued the Machine Certs installed in ClearPass' Trusted Certificate Authorities Store
- A Service with the Authentication Method of EAP-TLS
- (Optional) ClearPass added to AD so that it can do authorization of the username on the certificate via LDAP/AD
- (Optional) an OCSP URL so that ClearPass can check for certificate Revocation.
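
Added example, not part of the original reply and not ClearPass's own procedure: an offline check with the `openssl` CLI that a machine cert chains to the CA you plan to import, is valid for client authentication, and which OCSP URL it carries. The CA names, host names and OCSP URL are constructed stand-ins for AD-issued certs, and the script assumes `openssl` is installed.

```bash
#!/bin/sh
# Added example: throwaway constructed CAs and certs, not real AD CS output.
# Assumes the openssl CLI is installed; all names and URLs are made up.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: self-signed root standing in for an issuing CA.
make_ca() {
  echo "basicConstraints=critical,CA:TRUE" > "$WORK/$1.ext"
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -signkey "$WORK/$1.key" -days 1 \
    -extfile "$WORK/$1.ext" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_cert CA HOST EKU: leaf cert with the given EKU, a DNS SAN and an OCSP URL.
issue_cert() {
  printf '%s\n' "extendedKeyUsage=$3" "subjectAltName=DNS:$2" \
    "authorityInfoAccess=OCSP;URI:http://ocsp.example.test/ocsp" > "$WORK/$2.ext"
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
    -CAcreateserial -days 1 -extfile "$WORK/$2.ext" -out "$WORK/$2.pem" 2>/dev/null
}

# chains_to CA_PEM CERT_PEM: true only if CERT validates as a TLS client cert under CA.
chains_to() {
  openssl verify -purpose sslclient -CAfile "$1" "$2" >/dev/null 2>&1
}

# ocsp_url CERT_PEM: print the OCSP responder URL embedded in the cert.
ocsp_url() {
  openssl x509 -in "$1" -noout -ocsp_uri
}

make_ca corp-ca      # the CA whose cert would go into the trust store
make_ca other-ca     # an unrelated CA
issue_cert corp-ca pc01.example.test clientAuth
issue_cert corp-ca web01.example.test serverAuth

PC="$WORK/pc01.example.test.pem"
chains_to "$WORK/corp-ca.pem" "$PC"  && echo "pc01 under corp-ca: trusted"
chains_to "$WORK/other-ca.pem" "$PC" || echo "pc01 under other-ca: rejected"
chains_to "$WORK/corp-ca.pem" "$WORK/web01.example.test.pem" \
  || echo "web01 (serverAuth only): rejected for client auth"
echo "OCSP responder in pc01 cert: $(ocsp_url "$PC")"
```

Against real files, point `chains_to` at the exported issuing CA cert and a machine cert exported from a client; a failure here usually means the wrong CA (or an incomplete chain) is about to be imported.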