Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Why is ubuntu asking for private key for TLS cert?

This thread has been viewed 1 times

  • 1.  Why is ubuntu asking for private key for TLS cert?

    Posted Nov 14, 2017 08:35 PM
      |   view attached

    Hi Forum,

     

    I'm trying to manually onboard an ubuntu machine by creating the cert on clearpass and export that client cert and install it on the end device.

    When I enable dot1x on the ubuntu settings (see attached) the machine is asking my for "private key" and password. I'm not sure what those are or how to get them.

     

    Has anyone seen this before?! 

    Oh and I can leave them blank. I need a value/file there or else the save button is graied out.



  • 2.  RE: Why is ubuntu asking for private key for TLS cert?

    EMPLOYEE
    Posted Nov 14, 2017 08:38 PM
    In order to use a certificate, the client must have the private key. When exporting the certificate from ClearPass, you'll be prompted for the format. You should export a p12/pfx key pair and set the private key protection password to a strong value. You would then use that when importing in Ubuntu.


  • 3.  RE: Why is ubuntu asking for private key for TLS cert?

    Posted Nov 20, 2017 09:45 PM

    Tim, thanks for the help.

    When I click on the cert field on mu linux to import the cert, it only accepts formats DER and PEM.

    Plus when you export the cert from CPPM as a P12, the key is inside the cert where the linux is asking for the key to be a separate file! any ideas how to de-attach the key from the cert?!



  • 4.  RE: Why is ubuntu asking for private key for TLS cert?
    Best Answer

    EMPLOYEE
    Posted Nov 20, 2017 09:47 PM

    openssl pkcs12 -in {{pfx-file}} -out key.key -nocerts -nodes