Aruba Networks PowerConnect W Clearpass 100 Software Deployment Manual page 91
3.9 deployment guide
Hide thumbs
Also See for PowerConnect W Clearpass 100 Software:
- Deployment manual (438 pages) ,
- Manual (22 pages) ,
- Installation manual (12 pages)
Table of Contents
Advertisement
The Certificate Authority drop-down list can be used to select a different certificate authority. By default,
there is only a single certificate authority.
Use the Validity Period text field to specify the maximum length of time for which a client certificate
issued during device provisioning will remain valid.
The Clock Skew Allowance text field adds a small amount of time to the start and end of the client
certificate's validity period. This permits a newly issued certificate to be recognized as valid in a network
where not all devices are perfectly synchronized.
For example, if the current time is 12:00, and the clock skew allowance is set to the default value of 15
minutes, then the client certificate will be issued with a "not valid before" time of 11:45. In this case, if the
authentication server that receives the client certificate has a time of 11:58, it will still recognize the
certificate as valid. If the clock skew allowance was set to 0 minutes, then the authentication server would
not recognize the certificate as valid until its clock has reached 12:00.
The default of 15 minutes is reasonable. If you expect that all devices on the network will be synchronized
then the value may be reduced. A setting of 0 minutes is not recommended as this does not permit any
variance in clocks between devices.
When issuing a certificate, the certificate's validity period is determined as follows:
The "not valid before" time is set to the current time, less the clock skew allowance.
The "not valid after" time is first calculated as the earliest of the following:
The current time, plus the maximum validity period.
The expiration time of the user account for whom the device certificate is being issued.
The "not valid after" time is then increased by the clock skew allowance.
The Key Type drop-down list specifies the type of private key that should be created when issuing a new
certificate. You can select one of these options:
1024-bit RSA – lower security
2048-bit RSA – recommended for general use
4096-bit RSA – higher security
Note: Using a private key containing more bits will increase security, but will also increase the processing
time required to create the certificate and authenticate the device. The additional processing required will
also affect the battery life of a mobile device. It is recommended to use the smallest private key size that is
feasible for your organization.
ClearPass Guest 3.9 | Deployment Guide
Onboard |
91
Advertisement
Table of Contents
Troubleshooting
Need help?
Do you have a question about the PowerConnect W Clearpass 100 Software and is the answer not in the manual?