Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Clearpass and EAP-TLS

  • 1.  Clearpass and EAP-TLS

    Posted Nov 07, 2019 06:22 AM

    Hello Airheads,

    We have a customer that wants to do EAP-TLS with non-AD clients and using their Clearpass.

    They are going to issue certs from an enterprise authority to the clients.

    I am thinking that I just need a copy of the root cert from their enterprise CA and install it on Clearpass and then set up a service to allow an EAP-TLS authentication for these non-AD clients.

    My question is: do I need to specify an authentication source in the service?



  • 2.  RE: Clearpass and EAP-TLS

    Posted Nov 07, 2019 07:31 AM
    Use the CPPM local user db and disable authorization required.

    Sent from Mail for Windows 10


  • 3.  RE: Clearpass and EAP-TLS

    Posted Nov 07, 2019 07:35 AM

    Thanks for your reply Victor.

    I just wondered why you would have to specify localuserdb.

    What would it be looking up in the localuserdb?

    As far as I understood you just need a copy of the root cert.

    cheers

    pete

     



  • 4.  RE: Clearpass and EAP-TLS

    Posted Nov 07, 2019 08:27 AM
    In order to create a service you need to define an authentication source (the localdb is just a placeholder since you are doing cert-based auth without validating the user or device).

    Sent from Mail for Windows 10


  • 5.  RE: Clearpass and EAP-TLS

    Posted Nov 07, 2019 09:12 AM

    Thanks Victor,

    Appreciate you taking the time.

    We are going to use OCSP for revocation.

    One last question.

    If the client certificate expires will it fail authentication with Clearpass?



  • 6.  RE: Clearpass and EAP-TLS
    Best Answer

    Posted Nov 07, 2019 09:18 AM
    Yes



    Thank you

    Victor Fabian

    Pardon typos sent from Mobile
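
The thread's two points (trust in the issuing root is what authenticates the client, and an expired client certificate is rejected) can be reproduced with the openssl CLI. This is an added example, not part of the thread and not ClearPass configuration; it shows only the X.509 chain and validity checks an EAP-TLS server applies to a client certificate, and every CA name, subject and lifetime in it is constructed.

```shell
#!/bin/sh
# Constructed lab PKI: all names, subjects and lifetimes are made up.
# Requires the openssl CLI; nothing here talks to ClearPass or a network.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: self-signed root standing in for an enterprise CA.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_client CA NAME DAYS: client certificate signed by CA, valid for DAYS.
issue_client() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" \
    -CAkey "$WORK/$1.key" -CAcreateserial -days "$3" \
    -out "$WORK/$2.pem" 2>/dev/null
}

# check_client ROOT CERT [EPOCH]: validate CERT against ROOT only (no user
# or device lookup), optionally as if the clock read EPOCH.
check_client() {
  if openssl verify ${3:+-attime "$3"} -CAfile "$WORK/$1.pem" \
       "$WORK/$2.pem" >/dev/null 2>&1
  then echo accept
  else echo reject
  fi
}

make_ca enterprise-root                 # the root installed as trusted
make_ca other-root                      # an unrelated CA, not trusted
issue_client enterprise-root laptop01 1 # one-day lifetime
issue_client other-root foreign01 1

# Two days from now, i.e. after laptop01's notAfter date.
AFTER_EXPIRY=$(( $(date +%s) + 2 * 86400 ))

echo "trusted root, in date:  $(check_client enterprise-root laptop01)"
echo "untrusted issuer:       $(check_client enterprise-root foreign01)"
echo "trusted root, expired:  $(check_client enterprise-root laptop01 "$AFTER_EXPIRY")"
```

Revocation via OCSP, which the thread also mentions, is a separate check and is not modelled here.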