Hopefully someone will be able to assist with this.
We have an issue where our wireless network is sending out the TLS certificate to new clients. We use this as a method of controlling which devices can access our network through wireless, so we don't really want to be sending it out to any old client that gets authenticated.
We want to manually place the certificate on the machines so that users can't add their phones or own devices to the network.
I believe this is either an issue with the ACS server or the WiSMs.
Old clients, you mean the clients already having certs? You can revoke them by editing the CRL (date); a client already having the old cert would be considered as having an invalid cert, and they would need to enrol for a new cert from AD.
Thanks for the reply. The issue is that new clients are being offered the certificate once they log in over wireless. People who already have the certificate are fine. For instance, we aren't allowed to permit users' personal phones onto the wireless; however, if I join the wireless on my personal phone and enter my normal AD credentials, I am then offered the download of the certificate. This negates most of the reason we are using the certificates.
You can configure two types of certificates in ACS:
• Trust certificate—Also known as CA certificate. Used to form CTL trust hierarchy for verification of remote certificates.
• Local certificate—Also known as local server certificate. The client uses the local certificate with various protocols to authenticate the ACS server. This certificate is maintained in association with its private key, which is used to prove possession of the certificate.