Dell PowerConnect W Clearpass 100 Software 3.9 Deployment Guide - Page 92
Mark the Include device information in TLS client certificates check box to include additional fields in the TLS client certificate issued for a device. These fields are stored in the subject alternative name (subjectAltName) of the certificate. Refer to Table 16 on page 92 for a list of the fields that are stored in the certificate when this option is enabled. Storing additional device information in the client certificate allows for additional authorization checks to be performed during device authentication.

Note: If you are using an Aruba Controller to perform EAP-TLS authentication using these client certificates, you must have Aruba OS 6.1 or later to enable this option.

Table 16 Device Information Stored in TLS Client Certificates

| Name | Description | OID |
|---|---|---|
| Device ICCID | Integrated Circuit Card Identifier (ICCID) number from the Subscriber Identity Module (SIM) card present in the device. This is only available for devices with GSM (cellular network) capability, where a SIM card has been installed. | mdpsDeviceIccid (.4) |
| Device IMEI | International Mobile Equipment Identity (IMEI) number allocated to this device. This is only available for devices with GSM (cellular network) capability. | mdpsDeviceImei (.3) |
| Device Serial | Serial number of the device. | mdpsDeviceSerial (.9) |
| Device Type | Type of device, such as "iOS", "Android", etc. | mdpsDeviceType (.1) |
| Device UDID | Unique device identifier (UDID) for this device. This is typically a 64-bit, 128-bit or 160-bit number represented in hexadecimal (16, 32, or 40 characters, respectively). | mdpsDeviceUdid (.2) |
| MAC Address | IEEE MAC address of this device. This element may be present multiple times, if a device has more than one MAC address (for example, an Ethernet port and a Wi-Fi adapter). | mdpsMacAddress (.5) |
| Product Name | Product string identifying the device and often including the hardware version information. | mdpsProductName (.6) |
| Product Version | String containing the software version number for the device. | mdpsProductVersion (.7) |
| User Name | String containing the username of the user who provisioned the device. | mdpsUserName (.8) |

Note: OID stands for Object Identifier. These OIDs are relative to the ClearPass Guest base OID, which is 1.3.6.1.4.1.14823.1.5.1.

Specify one of the following options in the Authority Info Access drop-down list to control automatic certificate revocation checks:

Do not include OCSP responder URL - The Authority Info Access extension is not included in the client certificate. Certificate revocation checking must be configured manually on the authentication server. This is the default option.

Include OCSP responder URL - The Authority Info Access extension is added to the client certificates, with the OCSP responder URL set to a predetermined value. This value is displayed as the "OCSP URL".

Specify an OCSP responder URL - The Authority Info Access extension is added to the client certificates, with the OCSP responder URL set to a value defined by the administrator. This value may be specified in the "OCSP URL" field.
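Added example (not from the Dell guide or from ClearPass code): a small DER walker that pulls the Table 16 fields out of a subjectAltName extension value, so an authentication server can use them in authorization checks. It assumes each field is carried as an otherName entry with a UTF8String value, which the guide does not specify; `sample_san` builds a constructed input.

```python
# Added example (not ClearPass code). Assumption: each field is an otherName
# GeneralName in subjectAltName whose value is a UTF8String.
BASE_DER = bytes.fromhex("2b06010401f367010501")  # DER body of 1.3.6.1.4.1.14823.1.5.1
FIELDS = {1: "mdpsDeviceType", 2: "mdpsDeviceUdid", 3: "mdpsDeviceImei",
          4: "mdpsDeviceIccid", 5: "mdpsMacAddress", 6: "mdpsProductName",
          7: "mdpsProductVersion", 8: "mdpsUserName", 9: "mdpsDeviceSerial"}

def tlv(tag, body):
    """Encode one DER TLV, using long-form length when the body is 128+ bytes."""
    n = len(body)
    k = (n.bit_length() + 7) // 8
    length = bytes([n]) if n < 0x80 else bytes([0x80 | k]) + n.to_bytes(k, "big")
    return bytes([tag]) + length + body

def read_tlvs(buf):
    """Yield (tag, body) for each DER TLV in buf; reject truncated input."""
    i = 0
    while i < len(buf):
        if i + 2 > len(buf):
            raise ValueError("truncated DER header")
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:                      # long form: low 7 bits = length octets
            k = n & 0x7F
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        if i + n > len(buf):
            raise ValueError("truncated DER value")
        yield tag, buf[i:i + n]
        i += n

def device_fields(san_der):
    """Return {field name: [values]} for ClearPass OIDs found in a SAN value."""
    out = {}
    ((_, names),) = read_tlvs(san_der)    # outer SEQUENCE OF GeneralName
    for tag, body in read_tlvs(names):
        if tag != 0xA0:                   # skip dNSName, rfc822Name, ...
            continue
        (_, oid), (_, wrapped) = read_tlvs(body)   # type-id, [0] EXPLICIT value
        if oid[:-1] != BASE_DER or oid[-1] not in FIELDS:
            continue                      # otherName from a different OID arc
        ((_, value),) = read_tlvs(wrapped)
        out.setdefault(FIELDS[oid[-1]], []).append(value.decode("utf-8"))
    return out

def sample_san():
    """Constructed SAN: device type, two MAC addresses, user name, one dNSName."""
    rows = [(1, "iOS"), (5, "00:11:22:33:44:55"), (5, "00:11:22:33:44:66"), (8, "alice")]
    names = b"".join(tlv(0xA0, tlv(0x06, BASE_DER + bytes([n])) +
                         tlv(0xA0, tlv(0x0C, v.encode()))) for n, v in rows)
    return tlv(0x30, names + tlv(0x82, b"device.example.test"))
```

Values come back as lists because, as Table 16 notes, mdpsMacAddress may appear more than once; a policy check should test membership rather than equality.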