Can NAC push certificate to device


Userlevel 5
Hi All

Can the NAC push a certificate to a device, to use for authentication?

Thx

8 replies

Userlevel 6
Is this a new appliance being added, or a replacement one?
Userlevel 5
Hi Mike, not sure on your question.
This is a new NAC appliance that is being deployed.

The client would like to use EAP TLS with Certificates to authenticate.
For Windows Laptops, I can join the domain on the LAN and have the authentication Certificate pushed/installed on the laptop from a group policy that applies to the Laptop.

The problem occurs with the Mobile devices: when they connect to the Wireless, they do not have the Authentication Cert installed and also do not trust the CA.
Userlevel 6
Thanks Andre,
So I am uncertain, is there an existing NAC that had a certificate on it, or is this a new install?
Userlevel 5
This will be a new installation
Userlevel 6
Okay, a replaced NAC could have the certificate enforced down to the device, but a new NAC will need to go through the process outlined in this document to install the certificates on a per-NAC basis. Since you're using 802.1x, you will need to go through the CSR process as well.

https://gtacknowledge.extremenetworks.com/articles/How_To/How-To-Update-NAC-Internal-Communications-...
I think Andre is asking about client devices, not NAC devices managed by EMC. The answer is no, you'll need a third-party product like CloudPath, SecureW2 or an MDM that supports SCEP to push out a profile with the RADIUS cert and request a client cert.
Userlevel 5
Hi James

Thank you, yes, my question was related to the client device certificate.

Thx
Userlevel 6
NAC does not have the ability to install certificates or provision 802.1x supplicants with the correct authentication configuration on end systems.

Thanks
-Ryan