Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Finding Expired Certificates

  • 1.  Finding Expired Certificates

    Posted Nov 05, 2018 10:49 AM

    We run an EAP/TLS wireless network.  As such, we have certificates which expire on a regular basis.  There is a not very small population of users who never notice that their certificate expired.

     

    I *do* see RADIUS failures in CPPM Access Tracker with the RADIUS alert of:

    EAP-TLS: fatal alert by server - certificate_expired
    TLS Handshake failed in SSL_read with error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
    eap-tls: Error in establishing TLS session

    Is there any easy way to get a report on failed EAP-TLS transactions with a "certificate_expired" message from ClearPass?



  • 2.  RE: Finding Expired Certificates

    EMPLOYEE
    Posted Nov 05, 2018 10:53 AM
    This would likely require a custom report from TAC for Insight.

    Also, we recommend you create a policy rule that looks for certificates that will be expiring in the near term to drop them into a captive portal to re-enroll.
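
An added example, not part of the thread and not ClearPass or Insight code: one way to build the report asked about in the first post from exported authentication records, grouping `certificate_expired` failures per user and device. It assumes a CSV export; the column names (`timestamp`, `username`, `mac`, `alert`) and the sample rows are constructed for illustration.

```python
import csv
import io
from datetime import datetime

# Constructed sample export. Column names are hypothetical, not ClearPass's own.
# The alert field spans several lines, as in the post, so a line-by-line grep
# would lose the link between the alert text and the user it belongs to.
SAMPLE_EXPORT = '''timestamp,username,mac,alert
2018-11-05 09:12:01,alice,aa:bb:cc:00:00:01,"EAP-TLS: fatal alert by server - certificate_expired
TLS Handshake failed in SSL_read with error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
eap-tls: Error in establishing TLS session"
2018-11-05 09:15:40,bob,aa:bb:cc:00:00:02,"Constructed unrelated failure"
2018-11-05 13:47:22,alice,AA:BB:CC:00:00:01,"EAP-TLS: fatal alert by server - certificate_expired
eap-tls: Error in establishing TLS session"
2018-11-04 08:00:00,carol,aa:bb:cc:00:00:03,"EAP-TLS: fatal alert by server - certificate_expired"
'''

TS_FORMAT = "%Y-%m-%d %H:%M:%S"


def expired_cert_failures(export_text, marker="certificate_expired"):
    """Group failures whose alert contains `marker` by (username, mac).

    Returns {(username, mac): {"count": int, "first": datetime, "last": datetime}}.
    """
    report = {}
    # csv handles quoted fields with embedded newlines, keeping each record whole.
    for row in csv.DictReader(io.StringIO(export_text)):
        if marker not in row["alert"]:
            continue
        seen = datetime.strptime(row["timestamp"], TS_FORMAT)
        key = (row["username"], row["mac"].lower())  # normalise MAC case
        entry = report.setdefault(key, {"count": 0, "first": seen, "last": seen})
        entry["count"] += 1
        entry["first"] = min(entry["first"], seen)
        entry["last"] = max(entry["last"], seen)
    return report


if __name__ == "__main__":
    rows = expired_cert_failures(SAMPLE_EXPORT)
    # Most frequent offenders first: these users need to re-enroll.
    for (user, mac), e in sorted(rows.items(), key=lambda kv: -kv[1]["count"]):
        print(f"{user:10} {mac}  failures={e['count']}  last={e['last']}")
```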