Security

Reply
Contributor II
Posts: 47
Registered: ‎01-07-2013

Certificates on ClearPass subscribers

Hi

 

I have a question regarding the certificates on ClearPass subscribers.

ClearPass version 6.4.4.

Currently I configure a three node cluster with one publisher and two subscribers.

I would like to have a common name for Guest registration pages and unique names on each host for Radius.

Most of the clients are non-managed BYOD clients and only trust public CA's. A certificate from internal CA isn’t an option.

 

Onboarding isn't planned to be implemented.

What would be the best certificate strategy?

Option 1. One SAN enabled certificate with one CN like clearpass.domain.com for https and the FQDN for each host as SAN for the Radius service

Option 2. Unique certificates for both https and radius

Option 3 Any suggestions appreciated

 

Contributor I
Posts: 47
Registered: ‎06-15-2010

Re: Certificates on ClearPass subscribers

In my opinion Option 1

 

I would definately make the the radius certficate common among all of the applicances if you have roaming clients or they would connect to all appliances so that they don't have to accept a different certificates. I would have a common CN and multiple SAN's for each appliance.

Moderator
Posts: 470
Registered: ‎11-09-2012

Re: Certificates on ClearPass subscribers

A lot of your Q's are discussed/answered in this TechNote

 

CPPM - Certificates 101 Technote V1.0 .pdf

 

 


Best Regards
-d

Snr Tech Marketing Engineer - ClearPass

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Contributor II
Posts: 47
Registered: ‎01-07-2013

Re: Certificates on ClearPass subscribers

Thank you for the tech note link!

 

This document aswered my questions.

 

Regards

Jonas

Search Airheads
Showing results for 
Search instead for 
Did you mean: