Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

I created a CSR on Clearpass how can I sign it to be trusted if I don't have internal PKI?

This thread has been viewed 0 times

  • 1.  I created a CSR on Clearpass how can I sign it to be trusted if I don't have internal PKI?

    Posted Nov 20, 2014 04:35 PM

    I created a CSR on Clearpass how can I sign it to be trusted if I don't have internal PKI?



  • 2.  RE: I created a CSR on Clearpass how can I sign it to be trusted if I don't have internal PKI?

    EMPLOYEE
    Posted Nov 20, 2014 04:36 PM
    Is this for a radius certificate or for the web server certificate?


  • 3.  RE: I created a CSR on Clearpass how can I sign it to be trusted if I don't have internal PKI?

    Posted Nov 20, 2014 04:42 PM

    Web (Captive portal,Https logins) how to do it



  • 4.  RE: I created a CSR on Clearpass how can I sign it to be trusted if I don't have internal PKI?

    EMPLOYEE
    Posted Nov 20, 2014 04:45 PM
    You'll need to have a public CA issue you a cert.

    GoDaddy is a cheap option.


  • 5.  RE: I created a CSR on Clearpass how can I sign it to be trusted if I don't have internal PKI?

    Posted Nov 20, 2014 04:47 PM

    thats is for public what if I have windows server how can I do that?



  • 6.  RE: I created a CSR on Clearpass how can I sign it to be trusted if I don't have internal PKI?

    EMPLOYEE
    Posted Nov 20, 2014 04:57 PM
    You need to do it with a public CA otherwise all the devices that are connecting to your guest network will get a certificate error.


  • 7.  RE: I created a CSR on Clearpass how can I sign it to be trusted if I don't have internal PKI?

    Posted Nov 20, 2014 04:59 PM

    ok waht if I want to make users use normal HTTP to avoid certfiate error how can I do it?



  • 8.  RE: I created a CSR on Clearpass how can I sign it to be trusted if I don't have internal PKI?

    Posted Nov 21, 2014 03:03 AM

    another option is to use the CPPM Onboard CA to sign your CSR.

     

    Take a look at my PKI 101 doc here......

     

    http://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Default.aspx?EntryId=7961

     



  • 9.  RE: I created a CSR on Clearpass how can I sign it to be trusted if I don't have internal PKI?

    Posted Nov 21, 2014 05:52 AM

    Thank you so much but actually I dont have onboard License

     

    is there is a solution that I can make users redirect to http to avoid certficate error that appear on browser?



  • 10.  RE: I created a CSR on Clearpass how can I sign it to be trusted if I don't have internal PKI?

    EMPLOYEE
    Posted Nov 21, 2014 06:01 AM
    You get 25 enterprise licenses with every ClearPass server which can be used for a combination of Onboard, OnGuard and Guest.

    What type of captive portal are you using? Self reg? AD/employee authentication? Accept terms /click through?


  • 11.  RE: I created a CSR on Clearpass how can I sign it to be trusted if I don't have internal PKI?

    Posted Nov 21, 2014 07:38 AM

    Hi Tim, I'm Using Self Register



  • 12.  RE: I created a CSR on Clearpass how can I sign it to be trusted if I don't have internal PKI?
    Best Answer

    EMPLOYEE
    Posted Nov 21, 2014 09:02 AM

    If you still want to disable https for guest access, disable it under Configuration > Authentication in ClearPass guest. Also be sure to modify your captive portal profile in the controller.