Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Users connect when cert is revoked

  • 1.  Users connect when cert is revoked

    Posted Dec 01, 2016 01:08 PM

    Hi,

     

     I'm implementing an Onboard solution. Since I need to create the certs manually, I install them on the PC, but when I revoke the cert on the ClearPass, the users can still get into the networks, but it does not happen when I use the QuickConnect.



  • 2.  RE: Users connect when cert is revoked

    Posted Dec 01, 2016 01:23 PM
    Are you using OCSP validation?


  • 3.  RE: Users connect when cert is revoked

    EMPLOYEE
    Posted Dec 01, 2016 01:25 PM
    Are you using the same CA for the manual devices and the Onboarded devices?


  • 4.  RE: Users connect when cert is revoked

    Posted Dec 01, 2016 01:39 PM
    Hi,
    I'm not using OCSP validation.
    And I'm using the same CA for both. The idea is just to generate manual certs.


  • 5.  RE: Users connect when cert is revoked

    EMPLOYEE
    Posted Dec 01, 2016 01:44 PM
    You need to use OCSP. That is how the authentication process validates the
    validity of the certificate.


  • 6.  RE: Users connect when cert is revoked

    Posted Dec 01, 2016 01:47 PM
    You mean, I need to use this on the auth method? Or activate that on the Onboard CA?


  • 7.  RE: Users connect when cert is revoked

    EMPLOYEE
    Posted Dec 01, 2016 01:49 PM
    [EAP TLS With OCSP Enabled] should work.


  • 8.  RE: Users connect when cert is revoked

    Posted Dec 01, 2016 03:24 PM

    I set the [EAP TLS With OCSP Enabled] on the service but now no users can connect even when the cert is not revoked.



  • 9.  RE: Users connect when cert is revoked

    EMPLOYEE
    Posted Dec 01, 2016 03:27 PM
    Please provide an access tracker dashboard details export.


  • 10.  RE: Users connect when cert is revoked

    Posted Dec 01, 2016 04:32 PM

    Attached 2 files.

    Attachment(s):
    DashboardDetailsAccept.zip (16 KB)
    DashboardDetailsFail.zip (8 KB)


  • 11.  RE: Users connect when cert is revoked
    Best Answer

    Posted Dec 01, 2016 04:55 PM

    Made this work. I just needed to activate that on the CA as well.