Occasional Contributor II

Clearpass 6.6.8 issues with adding new RADIUS certs.

RADIUS certs are about to become invalid. Trying to add new cert from CA server. When creating new CSR for CPPM, no problem until importing back into CPPM. There seems to be a problem with the certPrivKey. It states that the certPkey does not match. Please the clients are getting a TLS Handshake failed in SSL_read with error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown_ca. We have tried several CA certs to no avail.

Guest Blogger

Re: Clearpass 6.6.8 issues with adding new RADIUS certs.

Did you create the CSR on ClearPass? I have never had a problem with importing a cert before on any CPPM version.

I always create the CSR offline with OpenSSL. Get the CSR signed by the CA and import the certificate with the private key back.

You can use my personal blog to create the CSR, get it signed and optionally create a PFX cert - OpenSSL for CSR generation

@rene_booches | AMFX #26, ACMX #438, ACCX #725, ACDX #760, CCNP R&S, CEH | Co-owner/Solution Specialist@4IP / blog owner@booches.nl
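
An added example, not part of the original posts or of ClearPass itself: a pre-import check with OpenSSL that the signed certificate carries the same public key as the private key and CSR, and that it chains to the CA bundle the clients are assumed to trust. All file names and subject names are constructed test values, and the keys are assumed to be unencrypted PEM.

```shell
#!/bin/sh
# Added example: every file name and subject below is a constructed placeholder.

# SHA-256 of the DER public key, so a key, a CSR and a cert compare directly.
pub_fp() {  # usage: pub_fp key|csr|cert FILE
  case "$1" in
    key)  _pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    csr)  _pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
    cert) _pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    *)    return 2 ;;
  esac || return 1          # unreadable file: fail instead of hashing nothing
  [ -n "$_pem" ] || return 1
  printf '%s\n' "$_pem" | openssl pkey -pubin -outform DER 2>/dev/null \
    | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeeds only when the certificate was issued for this private key.
cert_matches_key() {  # usage: cert_matches_key CERT KEY
  c=$(pub_fp cert "$1") && k=$(pub_fp key "$2") && [ "$c" = "$k" ]
}

# Succeeds only when CERT chains to the CA bundle (relevant to unknown_ca alerts).
chain_ok() {  # usage: chain_ok CA_BUNDLE CERT
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Builds constructed test material in directory $1: a throwaway CA, a key and
# CSR created offline, the signed cert, and an unrelated key for the mismatch case.
make_demo() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=radius.example.test" \
    -keyout "$1/radius.key" -out "$1/radius.csr" 2>/dev/null
  openssl x509 -req -in "$1/radius.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/radius.pem" 2>/dev/null
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$1/other.key" 2>/dev/null
}

d=$(mktemp -d) && make_demo "$d"
cert_matches_key "$d/radius.pem" "$d/radius.key" && echo "cert matches key"
cert_matches_key "$d/radius.pem" "$d/other.key"  || echo "mismatch: wrong private key"
chain_ok "$d/ca.pem" "$d/radius.pem" && echo "chain verifies against CA bundle"
```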
Occasional Contributor II

Re: Clearpass 6.6.8 issues with adding new RADIUS certs.

I found our issue! The new DoD cert has a bad naming convention at the root. I discovered it with the help of the TAC. I also found that within a cluster the publisher passes all information to all subscribers. Neat!
