10-02-2013 07:16 AM
I created a new CA in ClearPass, rather than using an intermediate CA or importing a CA. For a while I was getting warnings in Guest, letting me know that the recommendation was to use a 3rd party certificate that would be trusted by iOS. I clicked the 'how to fix this' button, and it said that provisioning or authentication may fail by using a self-signed CA. Also, I think it said it wouldn't work for a cluster environment, which I have.
I want to understand the requirement/recommendation for using a 3rd party cert for onboarding if there are any.
Is it okay to make ClearPass Root CA in a cluster environment?
Am I losing anything by not importing a Root CA or Intermediate CA?
10-02-2013 03:16 PM
The issue is that if the iOS device doesn't trust the SSL cert presented by the web browser then Onboarding will fail. You will need a publicly signed cert for the CPPM side. Or you have to push out all the certs manually to each device.
For example, in my lab I have a publicly signed cert in CPPM, and in my onboarding I use a self-signed or I'm using an intermediate based on my AD.