Security

Reply
Super Contributor II

Certificate File is not suitable for web server authentication message

Hi,

I'm just setting up an eval clearpass 6.2 system and am trying to import a server certificate. I've used this cert provider on loads of servers and they've always gone in just fine. The CN is airwave.york.ac.uk with a SubjectAlternateName of clearpass.york.ac.uk.

 

I've imported the root cert and both the intermediate certs but when I try and import the server cert I get "Certificate File is not suitable for web server authentication"  appearing. Is it something to do with the fact that the CN isn't clearpass.york.ac.uk? Any way round this?

 

 

Rgds

Alex

 

Aruba

Re: Certificate File is not suitable for web server authentication message

What cert format are you using?

Pem, P12, P7b, etc
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Super Contributor II

Re: Certificate File is not suitable for web server authentication message

PEM base formt. file extension =.crt

Rgds

Alex

 

Super Contributor II

Re: Certificate File is not suitable for web server authentication message

Hi Troy,

Any news on this?

A

Guru Elite

Re: Certificate File is not suitable for web server authentication message

alexsuoy,

 

If you can open it on a Windows Computer, please look to see what it says under the Enhanced Key usage:

 

http://blogs.msdn.com/b/kaushal/archive/2012/02/18/client-certificates-v-s-server-certificates.aspx

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Super Contributor II

Re: Certificate File is not suitable for web server authentication message

I've got a server cert, Using  openssl x509 -text -in <autoconnect.crt> -noout I get

 

......

X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:0C:BD:93:68:0C:F3:DE:AB:A3:49:6B:2B:37:57:47:EA:90:E3:B9:E

X509v3 Subject Key Identifier:
4B:FF:F1:B9:ED:59:A1:27:A8:2C:36:0F:59:05:E8:FB:2F:35:E4:E6
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.6449.1.2.2.29
Policy: 2.23.140.1.2.1

 

....

 

Cert obtained from JANET Certificate authortity. 

 

Rgdd

 

alex

 

Guru Elite

Re: Certificate File is not suitable for web server authentication message

Please open a support case.  You could have a unique problem.

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Aruba Employee

Re: Certificate File is not suitable for web server authentication message

While getting the CSR from clearpass to be signed by the ADCS, ensure that you have selected "Certificate Template = Web Server" in ADCS.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: