Security

Reply
Aruba
Posts: 1,285
Registered: ‎08-29-2007

Onboard CPPM as intermediate - what template to sign csr

Hi,

 

I'm trying to setup Clearpass for onboarding as an Intermediate CA.  Have generated the CSR, but wondering what sort of template needs to sign this from a Microsoft CA?

 

The error I'm getting is 'Certificate is not a CA'.

 

 


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
MVP
Posts: 287
Registered: ‎11-04-2008

Re: Onboard CPPM as intermediate - what template to sign csr

Me too, ClearPass 6.3.

 

I have tried with both User and Web Server templates, but same error "Certificate is not a CA"

~Trinh Nguyen~
Boys Town
Aruba
Posts: 1,537
Registered: ‎06-12-2012

Re: Onboard CPPM as intermediate - what template to sign csr

You need to make sure the account you use to log into the cert srv page has the correct rights. You need to reqest a sub ca.

 

Here is what it should look like if you have the full admin rights.

 

Screen Shot 2014-08-31 at 11.23.04 PM.png

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
MVP
Posts: 505
Registered: ‎05-11-2011

Re: Onboard CPPM as intermediate - what template to sign csr

Just to add a few thoughts in addition to what tarnold said.

 

Make sure the user you are requesting the certificate with have the Enroll security access on the template.

  • MMC CA console -> Certificate Templates -> Right-click Sub CA Template / Properties / Security. Verify that the user you are logged in with have Enroll properties
  • If OK - try to run the browser with Run as command to get the Domain Admin access, unless you have the rights on your user 

Make sure the template is actually Published.

  • MMC CA console -> <name-of-ca-server> -> Certificate Templates
  • Is it listed here? If not - Expand <name-of-CA> and right-click the Certificate Templates folder -> choose New / Certificate Template to Issue. Select the Subordinate CA template and click OK

 

 


Regards
John Solberg

-ACMX #316 :: ACCP-
Intelecom - Norway
----------------------------
Remember to Kudo if a post helped you! || Problem Solved? Click "Accept as Solution" in a post!
MVP
Posts: 287
Registered: ‎11-04-2008

Re: Onboard CPPM as intermediate - what template to sign csr

[ Edited ]

Kudos both tarnold and jsolb. Good solution and advise

~Trinh Nguyen~
Boys Town
Aruba
Posts: 1,285
Registered: ‎08-29-2007

Re: Onboard CPPM as intermediate - what template to sign csr

ok, finally got back round to having a go at this, and having some probs.

 

Customer has signed the request with the subordinate template.

 

So I click on 'Install certificate'

clearpass-intermediate CA.jpg

 

And then try to import it, but it just gives this error.

 

clearpass- ca import.jpg


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Aruba
Posts: 1,285
Registered: ‎08-29-2007

Re: Onboard CPPM as intermediate - what template to sign csr

ok, the original CSR was generated many weeks ago and seems there is a timeout.

 

I deleted the CA and then started again, and then the import worked fine.  :-)


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Search Airheads
Showing results for 
Search instead for 
Did you mean: