Contributor II
Posts: 48
Registered: ‎01-07-2013

Certificates on ClearPass subscribers



I have a question regarding the certificates on ClearPass subscribers.

ClearPass version 6.4.4.

Currently I configure a three node cluster with one publisher and two subscribers.

I would like to have a common name for Guest registration pages and unique names on each host for Radius.

Most of the clients are non-managed BYOD clients and only trust public CA's. A certificate from internal CA isn’t an option.


Onboarding isn't planned to be implemented.

What would be the best certificate strategy?

Option 1. One SAN enabled certificate with one CN like for https and the FQDN for each host as SAN for the Radius service

Option 2. Unique certificates for both https and radius

Option 3 Any suggestions appreciated


Contributor I
Posts: 50
Registered: ‎06-15-2010

Re: Certificates on ClearPass subscribers

In my opinion Option 1


I would definately make the the radius certficate common among all of the applicances if you have roaming clients or they would connect to all appliances so that they don't have to accept a different certificates. I would have a common CN and multiple SAN's for each appliance.

Posts: 496
Registered: ‎11-09-2012

Re: Certificates on ClearPass subscribers

A lot of your Q's are discussed/answered in this TechNote


CPPM - Certificates 101 Technote V1.0 .pdf



Best Regards

Snr Tech Marketing Engineer - ClearPass

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Contributor II
Posts: 48
Registered: ‎01-07-2013

Re: Certificates on ClearPass subscribers

Thank you for the tech note link!


This document aswered my questions.




Search Airheads
Showing results for 
Search instead for 
Did you mean: