An organization uses ClearPass to verify client certificates for network access. A client attempts to authenticate using a TLS certificate. What does ClearPass need to verify to ensure the certificate is valid?
A.
ClearPass only needs to verify the issuing date and timestamp.
B.
ClearPass must verify the certificate's issuing organization and the client's private key.
C.
ClearPass must verify the certificate's issuing organization, issuing date, and timestamp within the allowed clock skew.
Certificate validation is a multi-step process. ClearPass must first verify the Trust Chain to ensure the certificate was issued by a trusted organization (CA). Next, it must check the Validity Period to ensure the certificate is not expired or not yet valid. Crucially, because certificates use precise timestamps, ClearPass must account for Clock Skew ; if the server and client times are too far apart, the certificate may appear invalid even if it is technically current.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit