Security

Reply
Occasional Contributor I
Posts: 6
Registered: ‎08-06-2016

SHA2 certificate upgradation in CPPM

Hi,

   We are planning for a Server certificate migration from SHA 1 to SHA 256.

  I am totally new to this and have no idea about how to set this up,

Can i get some good tips to do this activity.

We currently have our Server running with SHA1.All clients are using SHA 1 for authentication.

 

Thanks in advance.

 

Regards

Guru Elite
Posts: 20,015
Registered: ‎03-29-2007

Re: SHA2 certificate upgradation in CPPM

Your question is very open-ended.  What encryption and authentication are your clients using?  

 

Information on how to import a new server certificate on clearpass is here:  http://www.arubanetworks.com/techdocs/ClearPass/Aruba_CPPMOnlineHelp/index.htm#CPPM_UserGuide/Admin/ServerCertificateHelp.html

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Guru Elite
Posts: 20,015
Registered: ‎03-29-2007

Re: SHA2 certificate upgradation in CPPM

Your question is very open-ended.  What encryption and authentication are your clients using?  

 

Information on how to import a new server certificate on clearpass is here:  http://www.arubanetworks.com/techdocs/ClearPass/Aruba_CPPMOnlineHelp/index.htm#CPPM_UserGuide/Admin/ServerCertificateHelp.html

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Occasional Contributor I
Posts: 6
Registered: ‎08-06-2016

Re: SHA2 certificate upgradation in CPPM

Thanks Collin for sharing the info.

For the missing info below are the points:

* Currently the endpoits are using SHA1

* Currently Client is using RADIUS authentication.

* I am not aware how to find the encryption, ur guidenece will be helpful

 

I have few other doubts also:

 

* If we import SHA2 certificate in CPPM will the CPPM still uses SHA1 for endpoints not having SHA2 installed?

* Also how to verify SHA2 migration is succesful and working succesfully

* How to Roll back if my SHA2 migration fails in CPPM

 

Thanks in advance

 

 

 

Guru Elite
Posts: 20,015
Registered: ‎03-29-2007

Re: SHA2 certificate upgradation in CPPM

In General:

 

- The important thing is that your clients trust the new server certificate.  Whoever setup the system would know what mechanism they use to configure clients trusting the server certificate.

- If you configure a SHA-2 certificate on CPPM, that is what clients will be using.

- You should export the current ClearPass radius server certificate, so that you can import it later, just in case the import of the SHA-2 certificate does not work.

 

Please contact Aruba TAC to work out the specifics of what you are trying to do, to ensure a successful migration.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Validated Reference Design Guides : http://community.arubanetworks.com/t5/Validated-Reference-Design/tkb-p/Aruba-VRDs
Search Airheads
Showing results for 
Search instead for 
Did you mean: