Security

Reply
New Contributor
Posts: 4
Registered: ‎07-15-2016

Clearpass License Online Activation fails with 'Client certificate-chain validation failed'

Hello community,

 

We have migarated our Clearpass from a hardware appliance 500 to a virtual Clearpass CP-VA-500 version 6.6.5.93747 . I have created a VM on an ESXi server, did the basic config and restored the backup from the hardware appliance. After that I had to install our public cerificate for the CP portal page. Everything works fine, except when I try to online activate our licenses, I get the Error: 'Client certificate-chain validation failed'.

How can I evaluate which certificat is responsible for this error?

 

Tanks for any hints.

Konrad

 

MVP
Posts: 4,307
Registered: ‎07-20-2011

Re: Clearpass License Online Activation fails with 'Client certificate-chain validation failed'

You need to contact tac so they deactivate the license on the other box and then it will allow you to activate it on the new one

Get Outlook for iOS
Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
New Contributor
Posts: 4
Registered: ‎07-15-2016

Re: Clearpass License Online Activation fails with 'Client certificate-chain validation failed'

Hi Victor,

 

Thank you for this hint.

I have already a TAC open for the migration to VM and the license activation on the VM. The licenses on the appliance  are already deactivated by TAC. Because of the certification problem the TAC tries to offline activate the licenes. Thats ok for the first step, but finally I would like to solve the problem at the roots. Maybe someone had a similar problem an may give me a hint.

 

Thanks and greetings from Switzerland

Konrad

MVP
Posts: 554
Registered: ‎11-04-2011

Re: Clearpass License Online Activation fails with 'Client certificate-chain validation failed'

Konrad,

Did you check the clock on the new ClearPass appliance? If it is off (by months) it might be that one of the certs is considered expired or not valid yet.

Another thought, could it be that the https traffic from ClearPass to the internet runs through a proxy that intercepts the SSL traffic (ssl inspection)? That can render the traffic invalid as well.

Working with TAC should give the quickest resolution.

73, Herman

--
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Search Airheads
Showing results for 
Search instead for 
Did you mean: