Wireless Water Cooler

New Contributor

802.1X Service Enforcement: Certificate Device Hostname

Hi Airheads,


As part of my 802.1X service for Windows PC's in Clearpass, I want to have an enforcement condition that allows me to look at the hostname in the device certificate and see if it's a valid hostname in AD. 

Is this possible?

Any help here would be appreciated.

Thanks in advance, 



Occasional Contributor II

Re: 802.1X Service Enforcement: Certificate Device Hostname



Yes for sure, if you're using computer certificate, the certificate should have the name of the computer. 


Put your active directory as a source of Authentication and then create a role mapping for your service which will query the Active Directory to check multiple thinks like : if the computer is trusted, if the computer is still active, etc. 


Please find an example in the screenshot. 





Search Airheads
Showing results for 
Search instead for 
Did you mean: