Security

Reply
Occasional Contributor II
Posts: 51
Registered: ‎12-16-2014

GoDaddy Clearpass RADIUS Cert Not Trusted by Clients

[ Edited ]

Hello, thanks in advance.  We just bought a "standard SSL cert" for the FQDN of our Clearpass server.  So it's clearpass.corp.abccompany.com.  I imported the RADIUS cert into Clearpass but it barfed so I had to first add two GoDaddy (intermediate and root) certs to the "trust list" in clearpass.  Then I was able to import the GoDaddy RADIUS cert into clearpass.  The problem is when a client connects to the 802.1x wifi they are STILL getting an error like below....this is very frustrating.  We got this error before when the Clearpass RADIUS cert was signed by our domain controller but we hoped that by buying a GoDaddy cert clients would not get this error but we are no better off....any help would be appreciated, thanks.  I know you can push trusted certs with group policy but we will potentially have devices connecting that we cannot control (guest iphones, androids, etc) so I can't push a trusted cert on to the thousands of unknown devices that may connect....

 

Capture.PNG

Guru Elite
Posts: 8,188
Registered: ‎09-08-2010

Re: GoDaddy Clearpass RADIUS Cert Not Trusted by Clients

This is not an error. There are dozens of posts on this topic. This is a normal part of using EAP-PEAP. The message is asking you to verify that you want to send your credentials to the server.

 

Every modern client shows a message during the first authentication.

 

The only way to bypass this message is to either preconfigure the clients manually, via MDM, something like Group Policy / Profile Manager / QuickConnect, or Onboard them.

 

It has nothing to do with PKI certificate trust.


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Guru Elite
Posts: 20,578
Registered: ‎03-29-2007

Re: GoDaddy Clearpass RADIUS Cert Not Trusted by Clients

You need to combine the server certificate with the intermediate certificate into a text file.  Save that as server.crt  You should then be able to upload that to ClearPass with the private key.  Please see the document below.  Kudos to my co-worker who put together this slide.

 

intermediate.png



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Search Airheads
Showing results for 
Search instead for 
Did you mean: