Security

Reply
Contributor I
Posts: 60
Registered: ‎12-15-2011

Changing HTTPS Certificates in a ClearPass Cluster

I will be changing the HTTPS certificates (ie update expiration date) on all nodes in a CPPM cluster.

1. While I am updating the certificates, will the subscriber nodes stop  responding to RADIUS requests?  I would expect the nodes to continue operating normally as long as the root CA certificate or certificate chain does not  need to change.

2. After the certificates are all installed, will the cluster continue to operate as before without futher configuration?

Thanks.

Moderator
Posts: 455
Registered: ‎11-09-2012

Re: Changing HTTPS Certificates in a ClearPass Cluster

so your changing just the HTTPS cert, your not touching the RADIUS cert?

 


Best Regards
-d

Snr Tech Marketing Engineer - ClearPass

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Contributor I
Posts: 60
Registered: ‎12-15-2011

Re: Changing HTTPS Certificates in a ClearPass Cluster

Correct, I am not touching the RADIUS cert. My question was based on the assumption that the nodes in the cluster establish trust using the HTTPS cert. After further reading, I now believe that trust is based on the RADIUS certificate which means no impact when I change the HTTPS cert. I would appreciate your verification.
Thanks.

Frequent Contributor II
Posts: 114
Registered: ‎07-13-2015

Re: Changing HTTPS Certificates in a ClearPass Cluster

1. While I am updating the certificates, will the subscriber nodes stop  responding to RADIUS requests?  I would expect the nodes to continue operating normally as long as the root CA certificate or certificate chain does not  need to change.

There is a HTTPS certificate and a RADIUS certificate on each node, in your case, you are replacing the HTTPS certificate, which won't affect in any matter RADIUS authentication using EAP-TLS or EAP-PEAP.

Replacing HTTPS certificate will have effect on the Management of the nodes and also Captive Portal. If you are unsure and have a backup/lab node, start with it and test your cert to make sure it's working.

 

 

2. After the certificates are all installed, will the cluster continue to operate as before without futher configuration?

Thanks.

 

Yes :)

ACMP, ACCP, BCNE
Contributor I
Posts: 60
Registered: ‎12-15-2011

Re: Changing HTTPS Certificates in a ClearPass Cluster

Hi Overclock,

Thank-you for your reply.  It was very helpful.  

Search Airheads
Showing results for 
Search instead for 
Did you mean: