Mark the Include device information in TLS client certificates check box to include additional fields
in the TLS client certificate issued for a device. These fields are stored in the subject alternative name
(subjectAltName) of the certificate. Refer to Table 16 for a list of the fields that are stored in the
certificate when this option is enabled.

Storing additional device information in the client certificate allows for additional authorization checks to
be performed during device authentication.

Note: If you are using an Aruba Controller to perform EAP-TLS authentication using these client
certificates, you must have Aruba OS 6.1 or later to enable this option.

Table 16 Device Information Stored in TLS Client Certificates

| Name | Description | OID |
|---|---|---|
| Device ICCID | Integrated Circuit Card Identifier (ICCID) number from the Subscriber Identity Module (SIM) card present in the device. This is only available for devices with GSM (cellular network) capability, where a SIM card has been installed. | mdpsDeviceIccid (.4) |
| Device IMEI | International Mobile Equipment Identity (IMEI) number allocated to this device. This is only available for devices with GSM (cellular network) capability. | mdpsDeviceImei (.3) |
| Device Serial | Serial number of the device. | mdpsDeviceSerial (.9) |
| Device Type | Type of device, such as "iOS", "Android", etc. | mdpsDeviceType (.1) |
| Device UDID | Unique device identifier (UDID) for this device. This is typically a 64-bit, 128-bit or 160-bit number represented in hexadecimal (16, 32, or 40 characters, respectively). | mdpsDeviceUdid (.2) |
| MAC Address | IEEE MAC address of this device. This element may be present multiple times, if a device has more than one MAC address (for example, an Ethernet port and a Wi-Fi adapter). | mdpsMacAddress (.5) |
| Product Name | Product string identifying the device and often including the hardware version information. | mdpsProductName (.6) |
| Product Version | String containing the software version number for the device. | mdpsProductVersion (.7) |
| User Name | String containing the username of the user who provisioned the device. | mdpsUserName (.8) |

Note: OID = Object Identifier. These OIDs are relative to the ClearPass Guest base OID, which is 1.3.6.1.4.1.14823.1.5.1.

Specify one of the following options in the Authority Info Access drop-down list to control automatic
certificate revocation checks:

- Do not include OCSP responder URL – The Authority Info Access extension is not included in the
  client certificate. Certificate revocation checking must be configured manually on the authentication
  server. This is the default option.
- Include OCSP responder URL – The Authority Info Access extension is added to the client
  certificates, with the OCSP responder URL set to a predetermined value. This value is displayed as the
  "OCSP URL".
- Specify an OCSP responder URL – The Authority Info Access extension is added to the client
  certificates, with the OCSP responder URL set to a value defined by the administrator. This value may be
  specified in the "OCSP URL" field.
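The following is an added example, not code from ClearPass Guest or from this guide, showing how an authentication server could read the Table 16 fields out of a certificate's subjectAltName and use them for an additional authorization check. It assumes each field is carried as an otherName entry with a UTF8String value, which this page does not specify; the function names and the policy in `authorize` are hypothetical.

```python
# DER content bytes of the ClearPass Guest base OID 1.3.6.1.4.1.14823.1.5.1
BASE_DER = bytes.fromhex("2b06010401f367010501")
MDPS = {1: "mdpsDeviceType", 2: "mdpsDeviceUdid", 3: "mdpsDeviceImei",
        4: "mdpsDeviceIccid", 5: "mdpsMacAddress", 6: "mdpsProductName",
        7: "mdpsProductVersion", 8: "mdpsUserName", 9: "mdpsDeviceSerial"}

def _tlv(buf, pos):  # read one DER TLV; return (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def parse_device_san(general_names):
    """Map field name -> list of values from a DER GeneralNames SEQUENCE."""
    tag, body, _ = _tlv(general_names, 0)
    if tag != 0x30:
        raise ValueError("GeneralNames must be a SEQUENCE")
    fields, pos = {}, 0
    while pos < len(body):
        tag, name, pos = _tlv(body, pos)
        if tag != 0xA0:  # only otherName [0] entries are of interest
            continue
        t, oid, p = _tlv(name, 0)
        if t == 0x06 and oid[:-1] == BASE_DER and oid[-1] in MDPS:
            _, wrapped, _ = _tlv(name, p)   # [0] EXPLICIT wrapper
            _, value, _ = _tlv(wrapped, 0)  # assumed UTF8String (assumption)
            fields.setdefault(MDPS[oid[-1]], []).append(value.decode("utf-8"))
    return fields

def authorize(fields, calling_mac, allowed_types=("iOS", "Android")):
    """Allow only a listed MAC on an allowed device type (hypothetical policy)."""
    norm = lambda m: m.replace(":", "").replace("-", "").lower()
    macs = {norm(m) for m in fields.get("mdpsMacAddress", [])}  # may repeat
    return (norm(calling_mac) in macs
            and fields.get("mdpsDeviceType", [None])[0] in allowed_types)

def _enc(tag, val):  # builder for the sample only; short-form lengths
    return bytes([tag, len(val)]) + val
def _other_name(arc, text):
    oid = _enc(0x06, BASE_DER + bytes([arc]))
    return _enc(0xA0, oid + _enc(0xA0, _enc(0x0C, text.encode())))

# Constructed sample, not taken from a real certificate.
SAMPLE_SAN = _enc(0x30, _other_name(1, "iOS") + _other_name(8, "alice")
                  + _other_name(5, "00:11:22:33:44:55")
                  + _other_name(5, "00:11:22:33:44:66"))
```

Comparing the MAC address presented at authentication against the values in the certificate ties the credential to the provisioned hardware, and the repeated mdpsMacAddress entries are handled as a set.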
ClearPass Guest 3.9 | Deployment Guide