Re: [PacketFence-users] PF 10.0.2, problem with 802.1x that revoked or no more valid certs still got access

Sun, 18 Jul 2021 22:28:59 -0700 

Hello,

The OCSP is not enabled by default, you will need to enable it in order to 
check if the certificate is revoked or not.

Thanks,

Ludovic Zammit
Product Support Engineer Principal

Cell: +1.613.670.8432
Akamai Technologies - Inverse
145 Broadway
Cambridge, MA 02142
Connect with Us:         <https://community.akamai.com/>  
<http://blogs.akamai.com/>  <https://twitter.com/akamai>  
<http://www.facebook.com/AkamaiTechnologies>  
<http://www.linkedin.com/company/akamai-technologies>  
<http://www.youtube.com/user/akamaitechnologies?feature=results_main>

> On Jul 16, 2021, at 7:26 AM, Mueller Urs SBB CFF FFS via PacketFence-users 
> <packetfence-users@lists.sourceforge.net> wrote:
> 
> Dear Packetfence Community
> 
> We're currently running a straightforward implementation of PacketFence 
> version 10.2.0.
> We know, that 10.3.0 is available, but the errata / bugs that should be fixed 
> in it, are not affecting us.
> 
> We are using it for Dot1x Access into our wired LAN via certificates issued 
> by the PacketFence internal PKI. 
> For this we have configured an EAPTLS Connection profile pointing to an 
> Authentication Source with a catchall rule. This works well so far.
> 
> The issue we're facing currently is around the revocation of certificates.
> 
> Meaning when revoking a certificate, the client will still have access to the 
> wired network as there is no condition checking for validity of the cert.
> When editing the Authentication Profile there are a number of conditions that 
> can be checked in a certificate to see if access shall be granted or not but 
> there is no option checking for revocation status.
> 
> Did any of you have had the same or a similar issue? Is there a 
> straightforward solution to the problem?
> 
> Best regards,
> 
> Urs Müller
> 
> SBB AG
> Poststrasse 6, 3072 Ostermundigen
> urs.bf.muel...@sbb.ch / 
> https://urldefense.com/v3/__http://www.sbb.ch__;!!GjvTz_vk!ALi0aM9Ho8bNS5KVGVyMdrg-6W2bnpPPJp5v286DmSWWO9LeHOry6cMhngahp35X$
>   
> 
> 
> 
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://urldefense.com/v3/__https://lists.sourceforge.net/lists/listinfo/packetfence-users__;!!GjvTz_vk!ALi0aM9Ho8bNS5KVGVyMdrg-6W2bnpPPJp5v286DmSWWO9LeHOry6cMhngatdIqz$
>

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
PacketFence-users mailing list
PacketFence-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/packetfence-users






















					Reply via email to