Regular Contributor I

Clearpass and EAP-TLS

Hello Airheads,

We have a customer that wants to do EAP-TLS with non-AD clients using their Clearpass.

They are going to issue certs from an enterprise authority to the clients.

I am thinking that I just need a copy of the root cert from their enterprise CA and install it on Clearpass and then set up a service to allow an EAP-TLS authentication for these non-AD clients.

My question is: do I need to specify an authentication source in the service?

MVP Guru

Re: Clearpass and EAP-TLS

Use the CPPM local user db and disable authorization required

Sent from Mail for Windows 10
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Regular Contributor I

Re: Clearpass and EAP-TLS

Thanks for your reply, Victor.

I just wondered why you would have to specify localuserdb.

What would it be looking up in the localuserdb?

As far as I understood, you just need a copy of the root cert.

cheers

pete

 

MVP Guru

Re: Clearpass and EAP-TLS

In order to create a service you need to define an authentication source (the localdb is just a placeholder since you are doing cert based auth without validating the user or device)

Sent from Mail for Windows 10
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Regular Contributor I

Re: Clearpass and EAP-TLS

Thanks Victor,

Appreciate you taking the time.

We are going to use OCSP for revocation.

One last question.

If the client certificate expires will it fail authentication with Clearpass?

MVP Guru

Re: Clearpass and EAP-TLS

Yes



Thank you

Victor Fabian

Pardon typos sent from Mobile
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
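
The last question in the thread (does an expired client certificate fail authentication?) can be reproduced outside ClearPass with the openssl CLI. This is an added example, not part of the thread and not ClearPass configuration: it builds a constructed lab root CA and a one-day client certificate (all names and lifetimes are assumptions) and runs the chain and validity-period check a certificate-validating server performs, once for today and once for a date after expiry.

```bash
#!/usr/bin/env bash
# Constructed lab PKI: every name, subject and lifetime here is illustrative.
WORK=$(mktemp -d)

make_pki() {
  # Minimal config so the root is a real CA cert (basicConstraints CA:TRUE).
  cat > "$WORK/lab.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Lab Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  # Root CA, standing in for the enterprise CA whose root the server trusts.
  openssl req -x509 -config "$WORK/lab.cnf" -newkey rsa:2048 -nodes -days 3650 \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null || return 1
  # Client key + CSR, then a client certificate that is valid for one day only.
  openssl req -new -config "$WORK/lab.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=lab-client-01" \
    -keyout "$WORK/client.key" -out "$WORK/client.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$WORK/client.csr" -CA "$WORK/ca.pem" \
    -CAkey "$WORK/ca.key" -CAcreateserial -days 1 \
    -out "$WORK/client.pem" 2>/dev/null || return 1
}

# verify_at <epoch-seconds>: validate chain and validity period as of that time.
verify_at() {
  openssl verify -attime "$1" -CAfile "$WORK/ca.pem" "$WORK/client.pem" 2>&1
}

make_pki || { echo "openssl setup failed" >&2; exit 1; }
NOW=$(date +%s)
LATER=$((NOW + 2 * 86400))   # two days on, past the client cert's notAfter
echo "today:       $(verify_at "$NOW")"
echo "in two days: $(verify_at "$LATER")"
```

The same signature and the same trusted root give two different outcomes, so certificate renewal has to be planned before `notAfter` is reached; OCSP revocation checking is a separate step that this sketch does not cover.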