Security

Reply
Frequent Contributor II
Posts: 251
Registered: ‎09-14-2011

Clearpass problems with COMODO certs?

Anyone ever have any problem loading up a COMODO server cert to Clearpass?

Scott McNeil - IT Specialist, Global Process Automation
Network+ | CWNA | CWTS | ACSP | ACMP | ACMA | BREC
Guru Elite
Posts: 8,765
Registered: ‎09-08-2010

Re: Clearpass problems with COMODO certs?

What exactly is the issue? Are you getting an error on import or is it a
client issue?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor II
Posts: 251
Registered: ‎09-14-2011

Re: Clearpass problems with COMODO certs?

I have been working with Dave Dipert from DNS and we have figured that the cert is properly installed into CPPM in the correct chain of trust order (otherwise it won't accept it when you try to upload it). However when ever I connect with a win7 device i get this error:

 

Cert Error CPPM.PNG

 

So now we are not quite sure where to go from here...

Scott McNeil - IT Specialist, Global Process Automation
Network+ | CWNA | CWTS | ACSP | ACMP | ACMA | BREC
Guru Elite
Posts: 8,765
Registered: ‎09-08-2010

Re: Clearpass problems with COMODO certs?

That's the client side server certificate check for PEAP. You either need
to manually configure the client with the appropriate certificate and
server trusts or use a supplicant configuration utility like QuickConnect

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor II
Posts: 251
Registered: ‎09-14-2011

Re: Clearpass problems with COMODO certs?

Ok, thats where we were headed as a conclusion as well. Question to you Tim, would a cert from another vendor have the same problem? Would the easiest solution be getting a cert from say GoDaddy or Verisign for example? Or do you think there is an issue with the individual cert we purchased?

Scott McNeil - IT Specialist, Global Process Automation
Network+ | CWNA | CWTS | ACSP | ACMP | ACMA | BREC
Guru Elite
Posts: 8,765
Registered: ‎09-08-2010

Re: Clearpass problems with COMODO certs?

All certificates will do this. Each SSID profile on a device has a trusted
CA and trusted server name. If the CA that issues your server cert is not
preconfigured for that SSID profile, you will get that warning.

All it's saying is: do you trust this server so I can send your credentials
to it?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Guru Elite
Posts: 8,765
Registered: ‎09-08-2010

Re: Clearpass problems with COMODO certs?

This message often reads as an error but its a normal part of the EAP-PEAP process

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Frequent Contributor II
Posts: 251
Registered: ‎09-14-2011

Re: Clearpass problems with COMODO certs?

You suggested using Quickconnect, would Onboarding (since I have the licenses) take care of it as well? (I am a CPPM noob incase you couldn't tell LOL)

Scott McNeil - IT Specialist, Global Process Automation
Network+ | CWNA | CWTS | ACSP | ACMP | ACMA | BREC
Guru Elite
Posts: 8,765
Registered: ‎09-08-2010

Re: Clearpass problems with COMODO certs?

QuickConnect is a standalone dissolvable product that handles supplicant
configuration without the need to onboard. It's good for basic
peap-mschapv2 and ttls. If you are doing certificate authentication and
enrollment (EAP-TLS) you should use CP OnBoard.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
Showing results for 
Search instead for 
Did you mean: