Security

Reply
Highlighted
Contributor I

OnBoard Cert Validity Period - Per Profile

Is there a way to modify the onboard certficate validiation duration per profile created or is it strictly a global option (in OnBoard > Certificate Authorities > Local Certificate Authority)?

 

 

Guru Elite

Re: OnBoard Cert Validity Period - Per Profile

1) You should never use the default CA in production

2) Return an application enforcement during Onboard pre-auth using the ClearPass:Session-Timeout attribute with a value in seconds (1 month = 2592000). The CA's maximum validity needs to be greater than or equal to any of these returned values.


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: