Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Update Trusted Certificates for Onboarded iOS devices

  • 1.  Update Trusted Certificates for Onboarded iOS devices

    Posted Jan 05, 2017 11:21 AM

    We're updating the RADIUS cert for our CPPM cluster and the cert issuer is changing to an issuer that is not currently trusted by onboarded devices.  Is there any way of manipulating the trust list remotely or perhaps redirecting customers via CP to re-onboard?  Regarding the latter, I'd like to selectively redirect devices that haven't re-onboarded by a certain date.  I can't figure out how to do that though.



  • 2.  RE: Update Trusted Certificates for Onboarded iOS devices

    Posted Jan 06, 2017 06:10 AM

    I believe you would need to get users to re-onboard in order to add the new trusted root certificate to the client.

     

    To force users to re-onboard I would create a new boolean attribute with an initial value of FALSE. Then write an enforcement policy that checks whether this attribute is present or set to FALSE when a client authenticates. If it is not present or is FALSE, then send a new user role back to the controller which forces the client to re-onboard. Once the onboarding is complete, you set this attribute to TRUE so that the next time they authenticate they don't get the new user role.
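
The decision logic described in the reply above, modelled in Python as an added example (not part of either post and not ClearPass configuration, which is built in the product's UI). It goes one step beyond the reply by adding the optional cut-off date asked about in the first post; the attribute name, role names and sample endpoints are assumptions constructed for illustration.

```python
from datetime import date

# Hypothetical names, chosen for this example only.
FLAG = "ReOnboarded"               # assumed boolean endpoint attribute
ROLE_NORMAL = "onboarded-access"   # assumed role for devices left alone
ROLE_REONBOARD = "force-reonboard" # assumed role that sends the device to re-onboard


def needs_reonboard(attrs):
    """True when the flag is absent or FALSE (the two cases named in the reply)."""
    value = attrs.get(FLAG)
    if value is None:
        return True
    # Attribute stores often keep booleans as strings, so accept both forms.
    return str(value).strip().lower() != "true"


def enforce(attrs, today, deadline=None):
    """Return the role sent to the controller for one authentication."""
    if not needs_reonboard(attrs):
        return ROLE_NORMAL
    if deadline is not None and today < deadline:
        return ROLE_NORMAL  # before the cut-off date: do not redirect yet
    return ROLE_REONBOARD


def complete_onboarding(attrs):
    """State change after a successful re-onboard: the flag becomes TRUE."""
    attrs[FLAG] = True
    return attrs


def pending(endpoints):
    """Devices that would still be redirected, e.g. to review before the cert swap."""
    return sorted(mac for mac, attrs in endpoints.items() if needs_reonboard(attrs))


# Constructed sample inventory: flag missing, flag FALSE, flag TRUE.
SAMPLE = {
    "aa:bb:cc:00:00:01": {},
    "aa:bb:cc:00:00:02": {FLAG: "false"},
    "aa:bb:cc:00:00:03": {FLAG: True},
}

if __name__ == "__main__":
    for mac, attrs in SAMPLE.items():
        print(mac, enforce(attrs, date(2017, 1, 10), deadline=date(2017, 2, 1)))
    print("still pending:", pending(SAMPLE))
```

Running `pending()` over an endpoint export before the RADIUS certificate is replaced shows which devices have not yet picked up the new trust anchor.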