Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

CLEARPASS ONBOARD WITH WINDOWS CA

  • 1.  CLEARPASS ONBOARD WITH WINDOWS CA

    Posted 13 days ago

    Hello Airheads,

    Quick question.

    Customer would like ClearPass Onboard to use Windows CA instead of Onboard CA.

    Is this possible?

    They want Apple macOS devices with AD user accounts registering with Onboard, but Onboard is pulling the user certs from Windows CA.

    Cheers

    Pete



  • 2.  RE: CLEARPASS ONBOARD WITH WINDOWS CA

    Posted 13 days ago

    Just a quick note: I have already explained that the Onboard CA is perfectly valid and recommended, but they are asking, is it possible?

    Cheers

    Pete




  • 3.  RE: CLEARPASS ONBOARD WITH WINDOWS CA

    EMPLOYEE
    Posted 13 days ago

    You can use a Windows PKI CA as the root with the Onboard enrolling CA as an intermediate, but you aren't going to directly issue the certificates from Windows ADCS to the clients.



    ------------------------------
    Carson Hulcher, ACEX#110
    ------------------------------



  • 4.  RE: CLEARPASS ONBOARD WITH WINDOWS CA

    Posted 12 days ago

    Onboard CA may not have the necessary security protections and multi-tier PKI architecture that the Windows CA has. What is the use case for Onboard though? How are the Mac devices managed? Why not use an MDM instead?




  • 5.  RE: CLEARPASS ONBOARD WITH WINDOWS CA

    Posted 12 days ago

    Why not use an MDM instead?  




  • 6.  RE: CLEARPASS ONBOARD WITH WINDOWS CA

    EMPLOYEE
    Posted 6 days ago

    Check this Tech Note.

    As mentioned, using ADCS may or (more likely) may not be the best choice for you. But it is possible.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------