Security

Reply
Occasional Contributor II

Certificates needed for Aruba ClearPass

Hi,

We have setup ClearPass policy Manger with Publisher/subscriber model. We are not using data ports and using only management ports. 

 

in-cppm1.domain.com ---->192.168.200.26

in-cppm2.domain.com----->192.168.200.27

in-cppmvip.ingrnet.com---->192.168.200.28

Now my question is how many certificates are needed for the above setup and we are going to use all the features of CPPM i.e. wireless authentication, RADIUS, Guest portal, OnGuard and OnBoard.

 

I have go through the technical note "CPPM - Certificates 101 Technote V1.0" but still need suggestion. 

We are planning to have wildcard certificate i.e. *.domain.com for https but how many certificates are needed for dot1x authentication where we are using VIP for the cluster setup.

 

Thanks,

Yugandhar.

Guru Elite

Re: Certificates needed for Aruba ClearPass

If you're using a wildcard for HTTPS, then you just need a standard server certificate for EAP with a generic common name like "auth.yourdomain.xyz" or "ClearPass.yourdomain.xyz"

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Re: Certificates needed for Aruba ClearPass

For .1x you only need one that can be shared between the 2

Get Outlook for iOS
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor II

Re: Certificates needed for Aruba ClearPass

Thank you for the response. But while importing wildcard certificate for https server, we are getting error even though enabled in Trusted certificate list like "certificate with appropriate Subject key identifier must be added and enabled in Trusted certificate list. Please suggest. Thanks, Yugandhar
Aruba Employee

Re: Certificates needed for Aruba ClearPass

Hi Yugandhar,

 

We generally see this error message if their is no proper certiifcate chain installed. Please follow my old post which proivde details on how certiifcate chain

 

http://community.arubanetworks.com/t5/Network-Management/Analytics-amp-Location-Engine-how-upload-SSL-Certificate/m-p/293559#M6507

 

If you have intermediate CA aswell, make sure it is added to trust list aswell and also check whether you are proivding correct private key details.

 

Regards,

Pavan

If my post addresses your query give kudos:)

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: