Security

I was looking for more information on how to set up an Imported CA on ClearPass but there is not much in the user guide. Can someone please confirm the statement below:

Imported CA: You will import the certificate public and private key files into Clearpass and this CA certificate will be used as the Root CA to issue new certificates

That means, if I have a Microsoft Root CA, I import the Root CA's certificate along with its private key and then use ClearPass to issue certs on behalf of the Root CA. 

Thank you.

Thanks for the reply but it doesn't answer what I asked

You'll want to import the root CA certificate as is. No private key neceassary. Then you'll want to request an intermediate certificate from MS Certificate Services.

If you do the CSR for the intermediate cert inside of ClearPass, you only need to import the signed certificate. If you do the CSR elsewhere, export the private key and import it with the signed cert.

So basically, Imported CA functions as an Intermediate CA. Is that right?

If you are not using the built-in CA, yes.

I guess this is where I get confused. So, for the certificate and the key, do I import the cert for the Intermediate CA and it's private key that I export wherever I generate the CSR.

You have 3 options.

1. CPPM is the Root CA

You will just be the full PKI

2. CPPM is an intermediate to your existing Root CA

You will generate a CSR that the existing Root CA will sign then you will import that into CPPM

3. You import a Root CA

You had a third party create you a Root CA and you import the cert and PKey. 

From your description I assume you already have an existing Root CA server so you will go through the CSR request in CPPM. Have the Root sign the cert then import it into CPPM. Then Clearpass will now be an intermediate to your Root and had out certs based on your current CA.