Occasional Contributor II

Override OCSP URL from Client

1) If I do include the OCSP URL in the client cert, is the OCSP request sent out by the client or by ClearPass?

2) If I do not include the OCSP URL in the client cert, and instead I override the OCSP URL from the client in the authentication method, is the OCSP request sent out by the client or by ClearPass?

Guru Elite

Re: Override OCSP URL from Client

1.  ClearPass

2.  ClearPass determines (a) If there is an OCSP request (b) If it will choose the client's URL or (c) If it will choose its own.

EAP-TLS clients do not have an IP address until they authenticate, so that traffic cannot come from the client.


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*
ArubaOS 8.3 User Guide
InstantOS 8.3 User Guide
Airheads Knowledgebase
Airheads Learning Videos
Guru Elite

Re: Override OCSP URL from Client

OCSP for EAP-TLS is between the RADIUS server and the CA in all cases.


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: Override OCSP URL from Client

Let's say I have a cluster of CP with different zones (Zone A, B) and I use the Onboard CA (Zone A). Will I need to allow traffic from the Zone B data port IP to the Zone A OCSP URL on port 80?
