@oliverm wrote:
Hi Community,
I wanted to inquire about any documentation regarding how to renew an expiring ClearPass server certificate. Also, I need to know what would be the impact/risk if an internal CA is used once the cert expires.
Thanks
Oliver
To renew the certificate, you need to generate a new CSR under Administration > Certificates > Server Certificate.
You don't want the certificate to expire, because in general, a lot of clients will refuse to connect to an expired certificate.
If you have a public certificate right now and you switch to a private certificate, as long as all of your clients trust it, you will be fine from an 802.1x perspective. On the other hand, since the same certificate is used for guest access, clients that are not part of your domain will not trust that certificate and they will get a trust error when hitting your guest portal. If you renew with a public certificate, just make sure that all of your clients trust their CA (you can ask the CA if all your clients do) and you *should* be fine. If your clients are configured to ONLY trust that specific server certificate or CA for , you could have issues. First find out if "Validate Server Certificate" is configured on your wireless clients and see what is or is not checked...
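
A pre-renewal check along the lines of the answer above, as an added example that is not part of the original posts: it reads the text printed by `openssl x509 -noout -subject -issuer -enddate` and reports the days left plus whether the issuer is one the clients trust. The certificate names, the client trust list and the 30-day warning window are assumptions made up for the illustration.

```python
from datetime import datetime, timezone

# Constructed sample: text as printed by
#   openssl x509 -in server.pem -noout -subject -issuer -enddate
# for a hypothetical server certificate (all names are placeholders).
SAMPLE = """\
subject=CN = clearpass.example.com
issuer=CN = Example Internal Issuing CA
notAfter=Mar  4 12:00:00 2025 GMT
"""


def parse_x509_text(text):
    """Turn the 'key=value' lines printed by openssl x509 into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    # openssl prints notAfter like 'Mar  4 12:00:00 2025 GMT' (always UTC).
    stamp = fields["notAfter"].rsplit(" ", 1)[0]
    fields["notAfter"] = datetime.strptime(
        stamp, "%b %d %H:%M:%S %Y"
    ).replace(tzinfo=timezone.utc)
    return fields


def assess(text, client_trusted_issuers, now, warn_days=30):
    """Return (days_left, findings) for one server certificate.

    client_trusted_issuers is the set of issuer names the wireless and
    guest clients are configured to trust (an assumption of this example).
    """
    cert = parse_x509_text(text)
    remaining = cert["notAfter"] - now
    findings = []
    if remaining.total_seconds() <= 0:
        findings.append("expired")            # clients will refuse it
    elif remaining.days <= warn_days:
        findings.append("renew-now")          # generate the CSR in time
    if cert["issuer"] == cert["subject"]:
        findings.append("self-signed")
    if cert["issuer"] not in client_trusted_issuers:
        findings.append("issuer-not-trusted-by-clients")
    return remaining.days, findings
```

Run it once with the 802.1X clients' trust list and once with the trust list of unmanaged guest devices, since the same certificate serves both.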