IAM/NAC: Binding of Certificate and MAC Address
‎11-26-2013 07:03 PM
I am seeing a customer need for a feature that binds the Subject of the certificate to the MAC address, for example CN=00-11-22-33-44-55 and the RADIUS Calling-Station-ID attribute.
Use case: You want to integrate mobile devices into your corporate Wi-Fi secured via certificate (EAP-TLS). The mentioned feature would prevent the user from exporting the certificate and importing it on their own device (as long as the MAC is not spoofed).
Are there any other ideas to realize this use case?
Best Regards
Michael
4 REPLIES
‎01-09-2014 07:31 AM
Some customers fear that their users export their smartphone certificates and install them onto their own devices to get full access to the network. The solution today is to implement non-exportable certificates, so no 802.1X for smartphones (or similar).
It would be easier if it were possible to match the MAC and a certificate attribute for certain device types (of the customer's choosing), especially if there was an alarm/trap/etc. when this match fails.
‎01-09-2014 07:24 AM
The certificate could be generated with a private key that is not allowed to be exported. But this doesn't help in any circumstance and makes backups of the certificates more complicated for administrators. The suggested solution is a good way to improve this issue.
‎12-16-2013 05:05 PM
We will take this request into consideration but would like to hear from our users on this request.
‎12-02-2013 11:19 AM
Hi Michael, I am going to run this through our product management group and have someone respond shortly. Thanks for the suggestion!
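The check requested in this thread (certificate CN compared with the RADIUS Calling-Station-ID, with an alarm when the match fails), sketched as an added example that is not part of the original posts or of the product. The function names, the comma-separated subject string format and the fail-closed policy are assumptions.

```python
import re

# CN attribute in a comma-separated subject string (assumed input format).
_CN_RE = re.compile(r"(?:^|,)\s*CN\s*=\s*([^,]+)", re.IGNORECASE)

def normalize_mac(value):
    """Return 12 lowercase hex digits, or None if value is not a MAC address.

    Accepts 00-11-22-33-44-55, 00:11:22:33:44:55, 0011.2233.4455, 001122334455.
    """
    if value is None:
        return None
    digits = re.sub(r"[-:.\s]", "", value.strip()).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def check_binding(subject_dn, calling_station_id):
    """Compare the certificate CN with the RADIUS Calling-Station-ID.

    Returns (decision, reason); decision is "accept" or "reject".
    Fails closed (assumed policy): a missing or non-MAC value is a reject.
    """
    m = _CN_RE.search(subject_dn or "")
    cert_mac = normalize_mac(m.group(1)) if m else None
    radius_mac = normalize_mac(calling_station_id)
    if cert_mac is None:
        return "reject", "certificate CN is not a MAC address"
    if radius_mac is None:
        return "reject", "Calling-Station-ID is missing or malformed"
    if cert_mac != radius_mac:
        return "reject", "MISMATCH cert=%s radius=%s" % (cert_mac, radius_mac)
    return "accept", "CN matches Calling-Station-ID"

# Constructed sample requests: (subject string, Calling-Station-ID)
SAMPLES = [
    ("CN=00-11-22-33-44-55,O=Example", "00:11:22:33:44:55"),
    ("CN=00-11-22-33-44-55,O=Example", "0011.2233.4455"),
    ("CN=00-11-22-33-44-55,O=Example", "66-77-88-99-AA-BB"),  # cert on another device
    ("CN=jdoe,O=Example", "00-11-22-33-44-55"),               # no MAC in CN
    ("CN=00-11-22-33-44-55,O=Example", None),                 # attribute absent
]

if __name__ == "__main__":
    for dn, csid in SAMPLES:
        decision, reason = check_binding(dn, csid)
        # A MISMATCH reject is the event the thread asks to raise as an alarm/trap.
        print(decision, "|", reason)
```

The comparison is only as trustworthy as the Calling-Station-ID itself, which is the MAC-spoofing caveat raised in the original post.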
