Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Override OCSP URL from Client

  • 1.  Override OCSP URL from Client

    Posted Jan 04, 2016 11:34 AM

    1) If I do include the OCSP URL in the client cert, is the OCSP request sent out by the client or by ClearPass?

    2) If I do not include the OCSP URL in the client cert, and instead I override the OCSP URL from the client in the authentication method, is the OCSP request sent out by the client or by ClearPass?



  • 2.  RE: Override OCSP URL from Client

    EMPLOYEE
    Posted Jan 04, 2016 11:36 AM

    1.  ClearPass

    2.  ClearPass determines (a) if there is an OCSP request, (b) if it will choose the client's URL, or (c) if it will choose its own.

     

    EAP-TLS clients do not have an IP address until they authenticate, so that traffic cannot come from the client...



  • 3.  RE: Override OCSP URL from Client
    Best Answer

    EMPLOYEE
    Posted Jan 04, 2016 11:37 AM

    OCSP for EAP-TLS is between the RADIUS server and the CA in all cases.



  • 4.  RE: Override OCSP URL from Client

    Posted Jan 04, 2016 12:39 PM

    Let's say I have a cluster of CP with different zones (Zone A, B) and I use the Onboard CA (Zone A). Will I need to allow traffic from the Zone B data port IP to the Zone A OCSP URL on port 80?