Regular Contributor II
Posts: 240
Registered: ‎09-11-2013

ClearPass Cluster certificate question?

Hi Forum,

I'm working on a cluster of two nodes only (Publisher and subscriber with a VIP). I have read the Cert Tech note and I think Danny has done a great job on that document. I followed his recommendations on the cluster certificate section (page 26 and on).

The question I have is:

Can I use the same publicly signed certificate for both SSL and RADIUS .1x authentication? Would the .1x clients get an error because the CN is for the DATA(guest) VIP interface and not the MGMT interface that they are reaching the box on?

I'm not sure I can get two publicly signed certs for DATA and MGMT interfaces, so can I reuse and what's the downside?

Thanks in advance,

Guru Elite
Posts: 8,460
Registered: ‎09-08-2010

Re: ClearPass Cluster certificate question?

Yes, you can use the same certificate for both RADIUS and web. Also, the port does not matter since the common name for 802.1X does not have to match the DNS name.


Thanks,
Tim

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Regular Contributor II
Posts: 240
Registered: ‎09-11-2013

Re: ClearPass Cluster certificate question?

Thank you Tim. Can the same publicly signed cert be installed on both nodes? Or do I need to use the same CSR to get two different certs, one for each box?

Guru Elite
Posts: 8,460
Registered: ‎09-08-2010

Re: ClearPass Cluster certificate question?

Yes, as long as both FQDNs are subject alternative names.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
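
Added example (not part of the original thread and not ClearPass code): a pre-install check, following the answer above, that one shared certificate lists every cluster FQDN as a subject alternative name. It takes the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`; the hostnames and helper names are constructed for illustration.

```python
# Added example: all hostnames are constructed placeholders, not from the thread.

def _dns_match(pattern: str, host: str) -> bool:
    """RFC 6125-style match: '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # require at least two fixed labels after the wildcard (no '*.com')
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def san_dns_names(cert: dict) -> list:
    """dNSName entries from a getpeercert()-style dict."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

def uncovered_fqdns(cert: dict, required: list) -> list:
    """Cluster FQDNs that no SAN entry covers; empty list means safe to share."""
    names = san_dns_names(cert)
    return [f for f in required if not any(_dns_match(n, f) for n in names)]

# Constructed cluster: publisher, subscriber and the guest VIP name.
CLUSTER = ["cppm-pub.example.com", "cppm-sub.example.com", "guest.example.com"]

# Constructed certificate that forgot the subscriber node.
CERT_MISSING_NODE = {
    "subject": ((("commonName", "guest.example.com"),),),
    "subjectAltName": (("DNS", "guest.example.com"),
                       ("DNS", "cppm-pub.example.com")),
}
# Constructed certificate that lists all three names.
CERT_COMPLETE = {
    "subject": ((("commonName", "guest.example.com"),),),
    "subjectAltName": tuple(("DNS", n) for n in CLUSTER),
}

if __name__ == "__main__":
    for label, cert in (("missing-node", CERT_MISSING_NODE), ("complete", CERT_COMPLETE)):
        gaps = uncovered_fqdns(cert, CLUSTER)
        print(label, "OK" if not gaps else "missing SANs: " + ", ".join(gaps))
```
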
MVP
Posts: 79
Registered: ‎03-09-2015

Re: ClearPass Cluster certificate question?
