05-17-2016 03:19 AM - edited 05-18-2016 08:30 PM
This is my first experience deploying ClearPass Onboard. I have a setup where ClearPass is integrated with an Aruba controller and its Onboard module generates client certificates for EAP-TLS. The client devices are iPads.
We want to use a public cert and run the ClearPass CA as an Intermediate CA. We created a new Intermediate CA and generated a CSR to be signed.
Am I missing something for this scenario?
05-18-2016 12:28 AM
That will not work; no public CA will sign your intermediate, as that effectively breaks the SSL trust model.
Please read the document "CPPM - Certificates 101 Technote V1.2" from:
In short: the certificates that ClearPass Onboard issues as client certificates do not need any public trust as these are only used to validate the client on the network.
So use the built-in CA for issuing the client certificates, use a publicly trusted CA for your HTTPS server certificate on the ClearPass server, and the RADIUS certificate used depends on circumstances and can be either a public or a private certificate.
If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
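The split described in the answer above, as an added example that is not part of the original thread and is not ClearPass's own tooling: a throwaway private CA issues a client-authentication certificate with plain `openssl`, and the checks show it validates against that private CA for client auth only, with no public trust involved. All names, file paths and lifetimes are constructed for the demonstration.

```shell
#!/bin/sh
# Added illustration: every name, path and lifetime here is constructed.

# Build a throwaway private root CA and one client certificate in directory $1.
build_demo_pki() {
  dir=$1
  cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Private Onboard CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
  # Leaf profile: not a CA, usable for TLS client authentication only.
  printf 'basicConstraints = CA:FALSE\nextendedKeyUsage = clientAuth\n' > "$dir/client.ext"
  openssl req -x509 -newkey rsa:2048 -nodes -config "$dir/ca.cnf" \
    -keyout "$dir/ca.key" -out "$dir/ca.pem" -days 30 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -config "$dir/ca.cnf" \
    -subj "/CN=constructed-ipad-01" \
    -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null &&
  openssl x509 -req -in "$dir/client.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 30 -extfile "$dir/client.ext" -out "$dir/client.pem" 2>/dev/null
}

# Succeeds when the client cert chains to the private CA for purpose $2
# (sslclient or sslserver). This is the check an authentication server makes.
verify_with_private_ca() {
  openssl verify -CAfile "$1/ca.pem" -purpose "$2" "$1/client.pem" >/dev/null 2>&1
}

# Succeeds only if the system's default (public) trust store trusts the chain.
verify_with_public_store() {
  openssl verify "$1/client.pem" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
build_demo_pki "$demo_dir"
verify_with_private_ca "$demo_dir" sslclient && echo "private CA, client auth: accepted"
verify_with_private_ca "$demo_dir" sslserver || echo "private CA, server auth: rejected"
verify_with_public_store "$demo_dir" || echo "public trust store: rejected"
rm -rf "$demo_dir"
```

The `CA:TRUE` constraint on the issuing certificate is what lets it sign further certificates, which is why the private CA stays the only trust anchor the authentication side needs.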