08-20-2014 02:27 PM
I'm having trouble authenticating against an AD server that has a self-signed CA. I was able to import the cert, but I still fail. I see an "unknown CA" error during the TLS negotiation between the ClearPass and AD server.
Is this a non-starter with ClearPass? And... before everyone flags the security (or lack thereof) of using a self-signed cert... we're testing prior to going in production with a true cert.
08-20-2014 02:32 PM
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
08-20-2014 02:36 PM
Consulting Systems Engineer - ACCX, ACDX, ACMX
If you found my post helpful, please give kudos
08-20-2014 02:59 PM - edited 08-20-2014 03:13 PM
This is solely between ClearPass and AD. You don't need to do anything to clients.
Since it is a self-signed certificate, upload the AD certificate here:
If it's signed by an internal MS ADCS certificate authority, upload the private root CA.
08-21-2014 05:58 AM
I have limited access to the server, so I uploaded the cert they said the LDAP server is using in the trust list... it's enabled and trusted.
I still throw an unknown CA error in a Wireshark trace, so that means I was given the wrong cert... or I have a mismatch between cert and DNS name.
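The two hypotheses in the last post (the file in the trust list is not the certificate the LDAP server actually presents, or the trust anchor is right but the DNS name ClearPass connects to is not in the certificate) can be separated with openssl before touching ClearPass. The script below is an added lab example, not part of the thread and not ClearPass or Aruba code: it builds throwaway self-signed certificates for constructed hostnames (dc01.example.test, dc02.example.test), then shows that verifying against an unrelated certificate fails (the client-side view of the TLS "unknown CA" alert), that putting the self-signed server certificate itself in the trust store succeeds, as the earlier reply recommends, and that hostname checking fails when the connected name is not in the certificate. It assumes OpenSSL 1.1.1 or newer for `-addext` and `-verify_hostname`; `fetch_server_cert` is included for comparing fingerprints against a live LDAPS endpoint and is not run offline.

```shell
#!/bin/sh
# Lab reproduction of the two failure modes discussed in the thread.
# All certificates and hostnames below are constructed test material.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# mk_selfsigned <name> <hostname>
# Creates a self-signed certificate (the kind a lab domain controller often
# uses for LDAPS) with CN and SAN set to <hostname>; writes $WORK/<name>.pem.
mk_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" \
        -subj "/CN=$2" -addext "subjectAltName=DNS:$2" >/dev/null 2>&1
}

# fetch_server_cert <host> <port> <out.pem>
# Pulls the leaf certificate a live LDAPS endpoint actually presents, so its
# fingerprint can be compared with the file you were handed. Needs network
# access to the server, so it is not exercised in the offline lab below.
fetch_server_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM > "$3"
}

# fingerprint <cert.pem>  -> SHA-256 fingerprint of the certificate
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# same_cert <a.pem> <b.pem>  -> 0 if both files hold the same certificate
same_cert() {
    [ "$(fingerprint "$1")" = "$(fingerprint "$2")" ]
}

# verify_chain <trust-anchor.pem> <server-cert.pem>
# 0 if the server certificate chains to the anchor. For a self-signed server
# certificate the anchor has to be that very certificate; for an ADCS-issued
# one it is the private root CA.
verify_chain() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# verify_name <trust-anchor.pem> <server-cert.pem> <hostname>
# 0 only if the chain verifies AND <hostname> matches the certificate's
# SAN/CN, i.e. the name the client is configured to connect to is in the cert.
verify_name() {
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

# Build the lab: the "real" DC certificate and an unrelated one standing in
# for a certificate handed over by mistake.
mk_selfsigned dc01  dc01.example.test
mk_selfsigned wrong dc02.example.test

if verify_chain "$WORK/wrong.pem" "$WORK/dc01.pem"; then
    echo "unexpected: unrelated anchor accepted"
else
    echo "wrong cert in trust list -> verify fails (on the wire: TLS alert unknown CA)"
fi
verify_chain "$WORK/dc01.pem" "$WORK/dc01.pem" \
    && echo "server cert itself in trust list -> chain OK"
verify_name "$WORK/dc01.pem" "$WORK/dc01.pem" dc01.example.test \
    && echo "connecting as dc01.example.test -> name OK"
verify_name "$WORK/dc01.pem" "$WORK/dc01.pem" ldap.example.test \
    || echo "connecting as ldap.example.test -> name mismatch"
```

Against a real server, run `fetch_server_cert dc01.example.test 636 live.pem` from a host that can reach it and compare `fingerprint live.pem` with the fingerprint of the file in the ClearPass trust list; if they differ, the wrong certificate was supplied, and if they match but `verify_name` fails for the name ClearPass uses, the fix is on the certificate or the configured hostname, not on the trust list.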