Aruba ClearPass Workshop - Onboard #5 - OCSP and certificate revocation


In this video, we show how certificates for Onboarded devices can be revoked (disabled). By default, revoked certificates still give access, so we need to configure OCSP (Online Certificate Status Protocol). With that enabled, clients that try to authenticate with a revoked certificate are denied access.

The override OCSP URL is disabled in this example, which requires a valid OCSP URL to be present in the client certificate. For Onboard we configured that in episode Onboard #1; for Microsoft AD it is more complicated. That is why we set OCSP to optional in the EAP-TLS method. That setting honors the OCSP response if there is one, and ignores OCSP if there is no OCSP response (for example, because there is no OCSP URL in a client certificate issued by Active Directory Certificate Services).
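With the override URL disabled and OCSP set to optional, the revocation check described above only covers certificates that embed an OCSP URL, so it is worth auditing which client certificates actually carry one. The script below is an added example, not part of the video or of ClearPass; the function names, file names and the `ocsp.example.test` URL are assumptions, the two sample certificates are constructed for the demonstration, and `-addext` needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: audit client certificates for an embedded OCSP responder URL
# (Authority Information Access extension). All names here are hypothetical.

# Print the OCSP URL(s) found in a PEM certificate, one per line (empty if none).
ocsp_url_of() {
    openssl x509 -in "$1" -noout -ocsp_uri 2>/dev/null
}

# Classify a certificate as the text describes the "optional" setting:
# "checked" = an OCSP URL is present, so a responder can be asked;
# "ignored" = no OCSP URL, so no OCSP response exists and OCSP is skipped.
ocsp_coverage() {
    url=$(ocsp_url_of "$1")
    if [ -n "$url" ]; then
        echo "checked"
    else
        echo "ignored"
    fi
}

# Create two constructed, self-signed sample certificates in directory $1:
# with.pem carries an OCSP URL, without.pem does not (placeholder values).
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=onboard-sample" \
        -keyout "$1/with.key" -out "$1/with.pem" \
        -addext "authorityInfoAccess=OCSP;URI:http://ocsp.example.test/" \
        2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=adcs-sample" \
        -keyout "$1/without.key" -out "$1/without.pem" 2>/dev/null
}

# Report coverage for every *.pem certificate in directory $1.
audit_dir() {
    for cert in "$1"/*.pem; do
        printf '%s  %s\n' "$(ocsp_coverage "$cert")" "$cert"
    done
}

# Demonstration on the constructed samples.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
audit_dir "$demo_dir"
rm -rf "$demo_dir"
```

Certificates reported as `ignored` are the ones for which revocation has no effect on authentication under the optional setting.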


This video is part of the Aruba ClearPass Workshop series.


Last update: 07-06-2017 07:58 AM