Security

Reply
Contributor II
Posts: 48
Registered: ‎05-14-2012

Imported CA Certificate Authority Settings

I was looking for more information on how to set up an Imported CA on ClearPass but there is not much in the user guide. Can someone please confirm the statement below:

 

Imported CA: You will import the certificate public and private key files into Clearpass and this CA certificate will be used as the Root CA to issue new certificates

 

That means, if I have a Microsoft Root CA, I import the Root CA's certificate along with its private key and then use ClearPass to issue certs on behalf of the Root CA. 

 

Thank you.

 

MVP
Posts: 4,187
Registered: ‎07-20-2011

Re: Imported CA Certificate Authority Settings

Contributor II
Posts: 48
Registered: ‎05-14-2012

Re: Imported CA Certificate Authority Settings

Thanks for the reply but it doesn't answer what I asked

Guru Elite
Posts: 8,208
Registered: ‎09-08-2010

Re: Imported CA Certificate Authority Settings

[ Edited ]

You'll want to import the root CA certificate as is. No private key neceassary. Then you'll want to request an intermediate certificate from MS Certificate Services.

 

If you do the CSR for the intermediate cert inside of ClearPass, you only need to import the signed certificate. If you do the CSR elsewhere, export the private key and import it with the signed cert.


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Contributor II
Posts: 48
Registered: ‎05-14-2012

Re: Imported CA Certificate Authority Settings

So basically, Imported CA functions as an Intermediate CA. Is that right?

Guru Elite
Posts: 8,208
Registered: ‎09-08-2010

Re: Imported CA Certificate Authority Settings

If you are not using the built-in CA, yes.


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Contributor II
Posts: 48
Registered: ‎05-14-2012

Re: Imported CA Certificate Authority Settings

I guess this is where I get confused. So, for the certificate and the key, do I import the cert for the Intermediate CA and it's private key that I export wherever I generate the CSR.

Aruba
Posts: 1,537
Registered: ‎06-12-2012

Re: Imported CA Certificate Authority Settings

You have 3 options.

 

1. CPPM is the Root CA

 

You will just be the full PKI

 

2. CPPM is an intermediate to your existing Root CA

 

You will generate a CSR that the existing Root CA will sign then you will import that into CPPM

 

3. You import a Root CA

 

You had a third party create you a Root CA and you import the cert and PKey. 

 

 

From your description I assume you already have an existing Root CA server so you will go through the CSR request in CPPM. Have the Root sign the cert then import it into CPPM. Then Clearpass will now be an intermediate to your Root and had out certs based on your current CA.

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
Search Airheads
Showing results for 
Search instead for 
Did you mean: