Occasional Contributor I

Clear Pass certification

By using ClearPass, a certificate is distributed to clients so that they can access the network (EAP-TLS). Clients can access the network by using the distributed certificate. Once a client has accessed the network, is there any way to deny that client access to the network by making the distributed certificate invalid? Thanks in advance.

Occasional Contributor I

Re: Clear Pass certification

Hi Syazusyazu923,

 

Of course there is a way. Key words are CRL or OCSP.

 

Greetings

Occasional Contributor I

Re: Clear Pass certification

Thanks!

I will check the information about OCSP in ClearPass!

 

 


@airsecxd wrote:

Hi Syazusyazu923,

 

Of course there is a way. Key words are CRL or OCSP.

 

Greetings


 

Occasional Contributor I

Re: Clear Pass certification

Hi. I already configured the authentication method to use TLS with OCSP enabled. In the OCSP settings, I inserted the OCSP URL, and successfully revoked the certificate. Unfortunately, I was unable to unrevoke the certificate so that the client can access the network again. Please give me some suggestions or hints. Thanks in advance!

MVP Expert

Re: Clear Pass certification

As I understand certificate rules, revoke is one-way. To "unrevoke" you re-issue a new certificate.

--Matthew

if I've helped, please give kudos
if I've provided a solution, please mark the solution so others can find it
Occasional Contributor I

Re: Clear Pass certification

As msabin stated, you cannot "unrevoke".
Your client needs to request and receive a new certificate from the PKI.

Occasional Contributor I

Re: Clear Pass certification

Thank you very much! 

Occasional Contributor I

Re: Clear Pass certification

Again, thanks a lot! Finally got the answer for my question!
