Security

Reply

Onboarding BYOD with firewall certificate

Hi guys,

 

I have a customer which wants to onboard BYOD devices, in addition to install the required certificates on them for onboarding and using them in the corporate network, he wants to install the firewall certificate (.cer) on them in order to use the deep inspection feature on the firewall. Can Clearpass install the firewall certificate on them?

 

Regards,

Julián

Guru Elite

Re: Onboarding BYOD with firewall certificate

No, there are OS limitations that prevent automatically configuring TLS decryption certificates for privacy reasons.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.

Re: Onboarding BYOD with firewall certificate

Hi Tim,

 

So that limitation is on ClearPass?

 

Regards,

Julián

Guru Elite

Re: Onboarding BYOD with firewall certificate

No, as mentioned, they are OS restrictions due to privacy concerns.


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.

Re: Onboarding BYOD with firewall certificate

Hi Tim,

 

But when you say OS restrictions what do you mean exactly? ArubaOS firmware? The mobile phone OS?

 

Regards,

Julián

Re: Onboarding BYOD with firewall certificate

Hi,

 

In the following thread jima_uk also wanted to use firewall certificates for deep inspection. Isn't the same?

 

We just need a method to "force" the certificate onto BYOD type devices to ensure the web filter decryption works seamlessly. At the moment without the certificate the end client gets a trust warning and on a lot of smart phones that effectively makes it looks like they have no internet conneciton, especially to less savy end users. The devices are not on our domain and also not managed by an MDM so searching for other solutions.

 

http://community.arubanetworks.com/t5/Security/Deploying-additional-certificates/td-p/269180

 

Regards,

Julián

Guru Elite

Re: Onboarding BYOD with firewall certificate

No, this no longer possible due to device restrictions.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.

Re: Onboarding BYOD with firewall certificate

Hi Tim,

 

Ah, then you mean before was possible but not now due to the phones restrictions? So if ClearPass wants to install these certificates on the phones will fail?

 

Regards,

Julián

Guru Elite

Re: Onboarding BYOD with firewall certificate

It has nothing to do with the installation. Many devices will not implicitly trust the CA.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: