Security

Hi,

   We are planning for a Server certificate migration from SHA 1 to SHA 256.

  I am totally new to this and have no idea about how to set this up,

Can i get some good tips to do this activity.

We currently have our Server running with SHA1.All clients are using SHA 1 for authentication.

Thanks in advance.

Regards

Your question is very open-ended.  What encryption and authentication are your clients using?  

Information on how to import a new server certificate on clearpass is here:  http://www.arubanetworks.com/techdocs/ClearPass/Aruba_CPPMOnlineHelp/index.htm#CPPM_UserGuide/Admin/ServerCertificateHelp.html

Thanks Collin for sharing the info.

For the missing info below are the points:

* Currently the endpoits are using SHA1

* Currently Client is using RADIUS authentication.

* I am not aware how to find the encryption, ur guidenece will be helpful

I have few other doubts also:

* If we import SHA2 certificate in CPPM will the CPPM still uses SHA1 for endpoints not having SHA2 installed?

* Also how to verify SHA2 migration is succesful and working succesfully

* How to Roll back if my SHA2 migration fails in CPPM

Thanks in advance

In General:

- The important thing is that your clients trust the new server certificate.  Whoever setup the system would know what mechanism they use to configure clients trusting the server certificate.

- If you configure a SHA-2 certificate on CPPM, that is what clients will be using.

- You should export the current ClearPass radius server certificate, so that you can import it later, just in case the import of the SHA-2 certificate does not work.

Please contact Aruba TAC to work out the specifics of what you are trying to do, to ensure a successful migration.

Your question is very open-ended.  What encryption and authentication are your clients using?  

Information on how to import a new server certificate on clearpass is here:  http://www.arubanetworks.com/techdocs/ClearPass/Aruba_CPPMOnlineHelp/index.htm#CPPM_UserGuide/Admin/ServerCertificateHelp.html