Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Multiple EAP-TLS Certificates for same Device

  • 1.  Multiple EAP-TLS Certificates for same Device

    Posted Oct 02, 2018 03:11 PM

    I have seen this happening in our environment. I have set up SCEP via Airwatch (MDM) and ClearPass; for some reason, when looking into the Onboard section of CPPM, I noticed there are multiple certificates for the same device, same name. (see image attached)

     

    Is this normal? Any way to avoid this?

     

    So far no issues reported, but I don't see any reason why this should happen.

     

    Currently running 6.7.4

     



  • 2.  RE: Multiple EAP-TLS Certificates for same Device

    MVP
    Posted Oct 04, 2018 04:21 PM

    The Common Name is identical, but the Serial Number is different for each device. Could it be that the common name on the certificate is configured as that and it's just applying that for every device that registers? 

     

    Can you filter or search differently to confirm if it's actually the same device or if it's just the same Common Name?



  • 3.  RE: Multiple EAP-TLS Certificates for same Device

    Posted Oct 04, 2018 05:02 PM

    The serial numbers for all those entries are identical except the issued and expiration date. Each device gets its own certificate; it's just that there is more than one per device for a reason I can't figure out yet.

     

    I have confirmed by searching for other devices, and it shows the same issue: multiple certificates for the same exact device.



  • 4.  RE: Multiple EAP-TLS Certificates for same Device

    Posted Jan 25, 2019 11:10 AM

    This is still happening. Here is a search for a specific device MAC address. The first certificate is expired and the device is using the latest issued for authentication; I just don't understand why multiples are being created. This is happening to most of our clients.

     

    Screen Shot 2019-01-25 at 11.07.04 AM.png



  • 5.  RE: Multiple EAP-TLS Certificates for same Device

    EMPLOYEE
    Posted Jan 25, 2019 11:17 AM

    If your clients connect back to the captive portal an additional certificate will be issued if they re-enroll, period.  I would contact TAC to find out the best way that your environment can prevent that from happening.  If your clients are ending back up at enrollment, there is probably a solution specific to your environment to avoid that from happening.



  • 6.  RE: Multiple EAP-TLS Certificates for same Device

    EMPLOYEE
    Posted Jan 25, 2019 11:19 AM
    Are these devices being enrolled via SCEP or EST?


  • 7.  RE: Multiple EAP-TLS Certificates for same Device

    Posted Jan 25, 2019 11:31 AM

    Via Airwatch SCEP



  • 8.  RE: Multiple EAP-TLS Certificates for same Device

    EMPLOYEE
    Posted Jan 25, 2019 11:37 AM
    Unfortunately, every time the EMM pushes a new revision of a config policy to the device, it forces the device to request a new certificate. I would recommend reaching out to your Airwatch/Workspace UEM team to ask for a fix. Unfortunately we can’t do anything on our end since it’s controlled by the EMM and device.
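
An audit for the pattern discussed in this thread, added here as an example and not taken from any post or from ClearPass or Airwatch: it groups a certificate inventory by device and reports devices holding more than one certificate, separating the newest from older ones that are expired or still valid. The CSV column names (`mac`, `common_name`, `serial`, `issued`, `expires`) and the sample rows are constructed assumptions; map them to whatever your own export contains.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample inventory; column names are assumptions, not a ClearPass export format.
SAMPLE_CSV = """mac,common_name,serial,issued,expires
aa:bb:cc:00:00:01,device-01,1001,2018-01-10,2019-01-10
AA-BB-CC-00-00-01,device-01,1002,2018-06-02,2019-06-02
aa:bb:cc:00:00:01,device-01,1003,2018-10-01,2019-10-01
aa:bb:cc:00:00:02,device-02,2001,2018-09-15,2019-09-15
"""

def normalize_mac(mac):
    """Lower-case the MAC and drop separators so one device maps to one key."""
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")

def parse_date(text):
    return datetime.strptime(text.strip(), "%Y-%m-%d")

def audit(csv_text, now):
    """Return {mac: report} for every device holding more than one certificate."""
    by_device = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        row["issued"] = parse_date(row["issued"])
        row["expires"] = parse_date(row["expires"])
        by_device[normalize_mac(row["mac"])].append(row)

    findings = {}
    for mac, certs in by_device.items():
        if len(certs) < 2:
            continue
        certs.sort(key=lambda c: c["issued"], reverse=True)
        older = certs[1:]
        findings[mac] = {
            "current": certs[0]["serial"],
            # Older certificates that have not expired still pass validity
            # checks unless revoked, so they are the ones worth reviewing.
            "superseded_valid": [c["serial"] for c in older if c["expires"] > now],
            "superseded_expired": [c["serial"] for c in older if c["expires"] <= now],
        }
    return findings

if __name__ == "__main__":
    for mac, report in audit(SAMPLE_CSV, datetime(2019, 1, 25)).items():
        print(mac, report)
```

Grouping on the normalized MAC rather than the Common Name avoids the ambiguity raised in reply 2, where several devices could share one name.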