Security

Reply
Contributor I
Posts: 44
Registered: ‎03-10-2014

Clearpass Server Certificate is gonna expired

Dear all experts,

Due to my customer is using Clearpass and he told me that "Server Certificate" is gonna expired. So last night i came to fix this problem like these steps :

1. Generate CSR from CPPM side by goto  Administration » Certificates » Server Certificate and Create Certificate Signing Request
2. Upload CSR file that just generate from CPPM side to Onboard side by goto Home » Onboard + WorkSpace » Management and Control » View by Certificate and click Upload Certificate Signed Request
3. And i export Certificate file from Onboard side and import it back to CPPM side. The result is  an expiry Date will be extended to Dec 11,2015. That the old one is gonna expired in 18 Dec 2014.
4. I tried to test with following these cases :
    4.1 802.1x with notebook installed Win7 and Win8. They can successfully authenticated and work fine.
    4.2 Guest authentication by using the same notebook Win7 and Win8. They can work fine too.
    4.3 Iphone authentication with onboard , it can work fine.
    4.4 Android authentication with onboard, it can't work. It showed me like an attachment file error.

 

It look like Android already been provisioned but it died on the last authentication step about bad certificate.

 

Could you please advice me how to check or fix it?

 

Thanks very much,

Aruba
Posts: 1,545
Registered: ‎06-12-2012

Re: Clearpass Server Certificate is gonna expired

Did you try a reboot after the new cert was installed?
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Contributor I
Posts: 44
Registered: ‎03-10-2014

Re: Clearpass Server Certificate is gonna expired

Yes , i did it. But still got the problem. Is it correct for my implementation step ??

Contributor I
Posts: 44
Registered: ‎03-10-2014

Re: Clearpass Server Certificate is gonna expired

Hi Troy,

 

Do we need to do anything at Android phone or anywhere else on CPPM or Onboard module?

 

Aruba
Posts: 1,545
Registered: ‎06-12-2012

Re: Clearpass Server Certificate is gonna expired

Your setup sounds fine but how are you exporting the cert from the onboard side. I would use pem and include the full trust chain
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Aruba
Posts: 1,545
Registered: ‎06-12-2012

Re: Clearpass Server Certificate is gonna expired

Also if you are reonboarding the android I would open the network and provisioning setting and resave so a new package is built.
Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Contributor I
Posts: 44
Registered: ‎03-10-2014

Re: Clearpass Server Certificate is gonna expired

Oh!!! i export from onboard side with crt file, not pem file. And how can i include full trust chain from exporting?

Search Airheads
Showing results for 
Search instead for 
Did you mean: