01-06-2014 12:15 PM
Using ClearPass 6.2.x and wondering if I can somehow configure multiple server certificates (i.e. one for RADIUS, one for HTTPS (guest), or different ones for RADIUS), or if it is one server certificate used for everything?
09-16-2016 05:48 AM
Just tried on the latest OVF, can't do it. I'm trying to get 802.1X authentication EAP-TLS for multiple Active Directories, which requires the RADIUS server to have a signed certificate from each of the domains' SubCAs. Any workarounds? I've added and bound the CPPM to each of the ADs, but can only authenticate the one for which the CPPM has a matching RADIUS server certificate.
09-16-2016 05:50 AM
09-16-2016 07:10 AM
Should be able to in what way? EAP-TLS requires mutual authentication, so the CPPM's certificate has to chain to the client's trusted root CA. Which is why EAP times out when I try to connect a client when a certificate from another domain is installed on the CPPM.
09-16-2016 07:18 AM
09-16-2016 09:22 AM
Ah, that's the ticket.
I saw your post on another board addressing this as well.
So it should work if the server trusts the client's CA and the client trusts the CPPM's CA. I'll have to figure out why my EAP is timing out when the CPPM has the client's CA in its trusted store and the client has the CPPM's CA in its trusted store, but it works when the client and CPPM have certificates issued from the same CA.
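
The trust relationship described in the last post, as an added example that is not part of the original thread: two constructed root CAs stand in for the two domains' CAs, and `openssl verify` checks each side's certificate against the other side's trust list. All names and subjects are assumptions, and the script tests chain building only, nothing ClearPass-specific.

```shell
#!/bin/sh
# Added illustration. Every key, certificate and name below is constructed.

# issue_ca <dir> <name> <CN>: create a self-signed root CA
issue_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1/$2.key" -out "$1/$2.pem" -subj "/CN=$3" 2>/dev/null
}

# issue_leaf <dir> <ca-name> <leaf-name> <CN>: issue a leaf certificate from that CA
issue_leaf() {
    openssl req -newkey rsa:2048 -nodes -keyout "$1/$3.key" \
        -out "$1/$3.csr" -subj "/CN=$4" 2>/dev/null &&
    openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
        -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

# chain_ok <trust-list.pem> <cert.pem>: exit 0 if the cert chains to the trust list
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# build_lab <dir>: RADIUS server cert from CA A, client cert from CA B
build_lab() {
    issue_ca   "$1" ca_a "Constructed Domain A Root" &&
    issue_ca   "$1" ca_b "Constructed Domain B Root" &&
    issue_leaf "$1" ca_a radius "radius.domain-a.example" &&
    issue_leaf "$1" ca_b client "client.domain-b.example"
}

# demo: print what each side sees when it validates the other
demo() {
    lab=$(mktemp -d) || return 1
    build_lab "$lab" || { rm -rf "$lab"; return 1; }
    # Client side: trust list holds CA A, validates the server certificate
    chain_ok "$lab/ca_a.pem" "$lab/radius.pem" && echo "client trusts CA A: server cert OK"
    # Server side: trust list holds CA B, validates the client certificate
    chain_ok "$lab/ca_b.pem" "$lab/client.pem" && echo "server trusts CA B: client cert OK"
    # Client that only has its own domain's CA B cannot validate the server
    chain_ok "$lab/ca_b.pem" "$lab/radius.pem" || echo "client trusts only CA B: server cert rejected"
    rm -rf "$lab"
}

demo
```

To check real files, call `chain_ok` with the trust list exported from one side and the certificate presented by the other.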