Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Certificate-based Authentication

This thread has been viewed 7 times

  • 1.  Certificate-based Authentication

    Posted Aug 28, 2017 05:25 AM

    Hi Guys,

     

    I am new in Aruba ClearPass and I need help.

    I want to have certificate-based authentication for my endpoints, may I know what configurations are needed in CPPM for this to work? I don't know how CPPM will check the endpoint's certificate and counter check it in the AD. What should be check, it is the CN or the DN? Also how CPPM grab the data of the CN/DN and counter check it in the AD if it is existed?

     

    Thanks



  • 2.  RE: Certificate-based Authentication

    EMPLOYEE
    Posted Aug 28, 2017 05:28 AM

    You need to start properly from scratch.  Are you already using CPPM for 802.1x authentication with EAP/PEAP?



  • 3.  RE: Certificate-based Authentication

    Posted Aug 28, 2017 06:04 AM

    Hi cjoseph,

     

    Actually, not yet but I have an idea as far as theory is concerned because previously I am using Cisco ISE and I am watching some tutorial video and also I have a VM setup as of the moment.

     

    I want to check the CN in my certificate and check against the AD if the username exist in the AD. How can I check that? And also can I do EAP-Chaining? For example, the CPPM will check first the computer name if it exists in the AD then it will check for the username/CN against the AD.

     

    Thanks



  • 4.  RE: Certificate-based Authentication

    EMPLOYEE
    Posted Aug 28, 2017 06:25 AM

    If you haven't already, I would take a look at this post here:  http://community.arubanetworks.com/t5/Video/Aruba-ClearPass-Workshop-Wireless-4-AD-Client-Certificates-EAP/ta-p/294172