Frequent Contributor I

ClearPass Onboard Registration Authority w/ ADCS SCEP

Looking at setting this up for a customer, has anyone set this up yet?

Was introduced in ClearPass 6.6.2.

Any advantages / disadvantages to the old way of ClearPass proxying the Client Cert request to AD web services?

Guru Elite

Re: ClearPass Onboard Registration Authority w/ ADCS SCEP

The new way allows for ClearPass to only be "aware" of the cert, but not store it.

Either way is valid.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Frequent Contributor I

Re: ClearPass Onboard Registration Authority w/ ADCS SCEP

Does Aruba have a recommended approach to BYOD certs?

I've heard a few presentations where SEs recommend using the local Onboard CA only.

Are there any plans to publish any sort of ADCS w/ SCEP integration guides like with the old method?

Guru Elite

Re: ClearPass Onboard Registration Authority w/ ADCS SCEP

From a purely security best practice (not necessarily Aruba), it's a good idea to maintain a complete trust boundary for BYODs. If you issue certs from your internal CA to your BYODs, you could inadvertently grant access to other services who are doing a basic client certificate check.

We can add it to the list. Can't give an ETA right now though.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
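
The trust-boundary point in the reply above, shown as an added example that is not part of the thread and is not Aruba or ClearPass code: a service that only checks "does this client cert chain to our internal CA?" accepts a BYOD cert issued from that CA and rejects one issued from a separate onboarding CA. All names (`Corp-Internal-CA`, `Onboard-BYOD-CA`, `byod-shared`, `byod-separate`) are constructed for the demo, and `openssl verify` stands in for the service's basic check.

```shell
#!/usr/bin/env bash
# Constructed lab demo: throwaway CAs and certs, created in a temp directory.

# mk_ca NAME: create a self-signed CA (NAME.key / NAME.crt)
mk_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# issue CA NAME: issue a client certificate NAME.crt signed by CA
issue() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$2.key" -out "$2.csr" 2>/dev/null
  openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
    -CAcreateserial -days 1 -out "$2.crt" 2>/dev/null
}

# basic_check TRUSTED_CA CERT: chain validation only, no issuer or policy rules
basic_check() {
  if openssl verify -CAfile "$1.crt" "$2.crt" >/dev/null 2>&1; then
    echo ACCEPT
  else
    echo REJECT
  fi
}

# demo: runs in a subshell so the caller's working directory is untouched
demo() (
  d=$(mktemp -d) && cd "$d" || exit 1
  mk_ca Corp-Internal-CA                  # CA trusted by internal services
  mk_ca Onboard-BYOD-CA                   # dedicated BYOD onboarding CA
  issue Corp-Internal-CA byod-shared      # BYOD cert issued from the internal CA
  issue Onboard-BYOD-CA  byod-separate    # BYOD cert issued from the dedicated CA
  # An internal service that trusts only Corp-Internal-CA evaluates both certs:
  echo "shared=$(basic_check Corp-Internal-CA byod-shared)"
  echo "separate=$(basic_check Corp-Internal-CA byod-separate)"
  cd / && rm -rf "$d"
)

demo
```

Services that must share a CA with BYOD devices need more than chain validation, for example a rule on the issuing CA or on a certificate attribute, which is the extra work a separate BYOD CA avoids.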