02-19-2014 08:56 AM
I was looking for more information on how to set up an Imported CA on ClearPass but there is not much in the user guide. Can someone please confirm the statement below:
Imported CA: You will import the certificate public and private key files into Clearpass and this CA certificate will be used as the Root CA to issue new certificates
That means, if I have a Microsoft Root CA, I import the Root CA's certificate along with its private key and then use ClearPass to issue certs on behalf of the Root CA.
Solved! Go to Solution.
02-19-2014 09:26 AM
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
02-19-2014 09:40 AM - edited 02-19-2014 09:40 AM
You'll want to import the root CA certificate as is. No private key neceassary. Then you'll want to request an intermediate certificate from MS Certificate Services.
If you do the CSR for the intermediate cert inside of ClearPass, you only need to import the signed certificate. If you do the CSR elsewhere, export the private key and import it with the signed cert.
Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
02-19-2014 10:01 AM
I guess this is where I get confused. So, for the certificate and the key, do I import the cert for the Intermediate CA and it's private key that I export wherever I generate the CSR.
02-19-2014 08:33 PM
You have 3 options.
1. CPPM is the Root CA
You will just be the full PKI
2. CPPM is an intermediate to your existing Root CA
You will generate a CSR that the existing Root CA will sign then you will import that into CPPM
3. You import a Root CA
You had a third party create you a Root CA and you import the cert and PKey.
From your description I assume you already have an existing Root CA server so you will go through the CSR request in CPPM. Have the Root sign the cert then import it into CPPM. Then Clearpass will now be an intermediate to your Root and had out certs based on your current CA.
--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.
--Problem Solved? Click "Accepted Solution" in a post.