09-29-2017 11:30 AM
I am trying to verify that this will work before purchasing a new certificate. I'm moving from MS NPS to ClearPass for RADIUS authentication and need a new certificate. I have two ClearPass servers configured in a cluster with no shared VIP. Can I use one certificate with multiple SANs on both devices?
for instance the FQDN for both boxes are clearpass01.domain.com and clearpass02.domain.com
I was going to make the main url clearpass.domain.com and the two SANs
Will this work or do I need to get a certificate for each server? I was using a wildcard for certificate validation on the supplicant.
Solved! Go to Solution.
09-29-2017 11:47 AM
Yes, you can.
The common name should be something generic as this is what will be presented users when tunneled EAP methods are in use. Each server should have a SAN defined.
The supplicant only needs to be configured for the common name. SANs are ignored with EAP.