Security

Reply
Contributor I
Posts: 21
Registered: ‎04-07-2016

ClearPass and IAP certificate query

Hi all,

 

I have a client who needs to obtain a public signed certificate for their IAP Virtual Controller and ClearPass in order to use the ClearPass Captive Guest Portal.

 

The client has a public domain name for the Internet facing services, however ClearPass will sit on the internal network. ClearPass will need to join the internal domain in order to authenticate their RADIUS clients, but the public CA will not sign a CSR with an internal domain name. Does the domain name that ClearPass was configured with when built, have to match the AD domain name that it was joined to?

 

I would like to append the public domain name to the ClearPass hostname so that the Public CA can sign all certificate requests.

 

-Brett

Guru Elite
Posts: 8,754
Registered: ‎09-08-2010

Re: ClearPass and IAP certificate query

You would just create the public DNS name in your internal DNS so clients can resolve it.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor I
Posts: 21
Registered: ‎04-07-2016

Re: ClearPass and IAP certificate query

Ok thanks Tim,

 

So the DNS entry just has to match the common name in the certificate (or SAN) and clients will trust it?

 

-Brett

Guru Elite
Posts: 8,754
Registered: ‎09-08-2010

Re: ClearPass and IAP certificate query

Yes, correct.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: