Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Certificate Tech Note, Update ? Gospel ?

  • 1.  Certificate Tech Note, Update ? Gospel ?



  • 2.  RE: Certificate Tech Note, Update ? Gospel ?

    EMPLOYEE
    Posted May 25, 2016 11:52 PM
    Nothing has really changed.



    https://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=19184



    It's best to work with an Aruba ClearPass partner when designing a ClearPass
    solution.


  • 3.  RE: Certificate Tech Note, Update ? Gospel ?

    Posted May 25, 2016 11:56 PM

    When it was written (back in 2013) with accommodating certs for CPPM cluster, it was mentioned Microsoft Windows 802.1x supplicants don't support the use of wildcard certificates (making the CSR process and population of SAN entry easier).

    Surely this has changed by now?



  • 4.  RE: Certificate Tech Note, Update ? Gospel ?
    Best Answer

    EMPLOYEE
    Posted May 25, 2016 11:59 PM
    No, it still applies. Wildcard certificates are incredibly insecure.


  • 5.  RE: Certificate Tech Note, Update ? Gospel ?
    Best Answer

    Posted May 28, 2016 09:29 AM

    My posted version is the latest. I've no plans or need at this time to add much to it, but I do agree it needs some minor mods, though nothing dead urgent IMO.



  • 6.  RE: Certificate Tech Note, Update ? Gospel ?

    Posted Jun 06, 2016 11:20 PM

    Except.. this part doesn't make much sense.....

    The CSR configuration for cluster shows populating DNS names in the SAN field of *INTERNAL* names.

    A Public CA vendor will not sign a CSR for any domain it can't vet, aka no internal FQDN suffixes....

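The two issues raised in this thread (wildcard entries, and internal names in the SAN list of a CSR sent to a public CA) can be checked before the CSR is generated. The following is an added example, not part of the thread or of the tech note. The suffix list, function names and sample SAN entries are assumptions made for illustration, and the suffix list is not exhaustive.

```python
import ipaddress

# Assumption: illustrative, non-exhaustive set of top-level labels that are
# reserved or not delegated in public DNS, so a public CA cannot vet them.
NON_PUBLIC_SUFFIXES = {"local", "localhost", "internal", "corp", "home",
                       "lan", "test", "example", "invalid"}

def check_san(entry):
    """Return a list of findings for one planned SAN entry (DNS name or IP)."""
    findings = []
    name = entry.strip().lower().rstrip(".")
    try:
        ip = ipaddress.ip_address(name)
    except ValueError:
        ip = None
    if ip is not None:
        # Private, loopback and link-local addresses cannot be vetted either.
        if not ip.is_global:
            findings.append("non-public IP address")
        return findings
    labels = name.split(".")
    if "*" in name:
        findings.append("wildcard")
    if len(labels) == 1:
        findings.append("single-label name")
    elif labels[-1] in NON_PUBLIC_SUFFIXES:
        findings.append("internal suffix ." + labels[-1])
    return findings

def review_csr_sans(entries):
    """Map each problematic SAN entry to its findings; clean entries are omitted."""
    report = {}
    for entry in entries:
        findings = check_san(entry)
        if findings:
            report[entry] = findings
    return report

# Constructed sample: planned SAN list for a hypothetical cluster CSR.
SAMPLE_SANS = [
    "clearpass.example.com",
    "cppm1.corp.local",
    "cppm2",
    "*.example.com",
    "10.1.20.11",
]

if __name__ == "__main__":
    for san, findings in review_csr_sans(SAMPLE_SANS).items():
        print(f"{san}: {', '.join(findings)}")
```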