Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

CPPM Termination Cluster with Certificate using Multiple Subject Alternative Names

  • 1.  CPPM Termination Cluster with Certificate using Multiple Subject Alternative Names

    Posted Sep 29, 2017 02:30 PM

    I am trying to verify that this will work before purchasing a new certificate. I'm moving from MS NPS to ClearPass for RADIUS authentication and need a new certificate. I have two ClearPass servers configured in a cluster with no shared VIP. Can I use one certificate with multiple SANs on both devices?

    For instance, the FQDNs for both boxes are clearpass01.domain.com and clearpass02.domain.com

    I was going to make the main URL clearpass.domain.com and the two SANs

    clearpass01.domain.com

    clearpass02.domain.com

    Will this work or do I need to get a certificate for each server? I was using a wildcard for certificate validation on the supplicant.

    Thanks,

    Rosie



  • 2.  RE: CPPM Termination Cluster with Certificate using Multiple Subject Alternative Names
    Best Answer

    EMPLOYEE
    Posted Sep 29, 2017 02:48 PM

    Yes, you can.

    The common name should be something generic, as this is what will be presented to users when tunneled EAP methods are in use. Each server should have a SAN defined.

    The supplicant only needs to be configured for the common name. SANs are ignored with EAP.
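
One way to build the request for the layout described in this thread (a generic common name plus one SAN per cluster member), as an added example that is not part of the original posts. It assumes the CSR is generated with the OpenSSL command line outside ClearPass; the function names, file names, and the choice to repeat the common name in the SAN list are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): one CSR shared by both cluster members.
CN="clearpass.domain.com"      # generic name, shown to users with tunneled EAP
NODES="clearpass01.domain.com clearpass02.domain.com"   # one SAN per server

# make_csr DIR: write req.cnf, server.key and server.csr into DIR.
make_csr() {
  {
    printf '[req]\nprompt = no\ndefault_md = sha256\n'
    printf 'distinguished_name = dn\nreq_extensions = ext\n'
    printf '[dn]\nCN = %s\n' "$CN"
    printf '[ext]\nsubjectAltName = @san\n[san]\n'
    i=1
    # Assumption: the generic name is repeated as a SAN, as public CAs expect.
    for name in $CN $NODES; do
      printf 'DNS.%d = %s\n' "$i" "$name"
      i=$((i + 1))
    done
  } > "$1/req.cnf"
  # The umask keeps the private key unreadable to other local users.
  ( umask 077
    openssl req -new -newkey rsa:2048 -nodes -config "$1/req.cnf" \
      -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null )
}

# csr_cn FILE: print the common name requested in the CSR.
csr_cn() {
  openssl req -in "$1" -noout -subject | sed -n 's/.*CN *= *\([^,\/]*\).*/\1/p'
}

# csr_sans FILE: print the DNS SANs requested in the CSR, one per line.
csr_sans() {
  openssl req -in "$1" -noout -text | grep -o 'DNS:[^,[:space:]]*' | cut -d: -f2
}

# Usage: sh make_csr.sh /path/to/empty/dir
if [ "$#" -gt 0 ]; then
  make_csr "$1" && csr_cn "$1/server.csr" && csr_sans "$1/server.csr"
fi
```

Running `csr_cn` and `csr_sans` against the request before submitting it, and again against the issued certificate with `openssl x509` in place of `openssl req`, confirms that the CA kept every name.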