Wireless Access

Reply
Occasional Contributor II

Clearpass Server Certificate is expiring

Hi Community,

 

I wanted to inquire about any documentation regarding how to renew expiring clearpass server certificate. Also, I need to know what would be the impact/risk if an internal CA is used once the cert expires.

 

Thanks

 

Oliver

Guru Elite

Re: Clearpass Server Certificate is expiring


oliverm wrote:

Hi Community,

 

I wanted to inquire about any documentation regarding how to renew expiring clearpass server certificate. Also, I need to know what would be the impact/risk if an internal CA is used once the cert expires.

 

Thanks

 

Oliver


To renew the certificate, you need to generate a new CSR under Administration> Certificates > Server Certificate

 

You don't want the certificate to expire, because in general, alot of clients will refuse to connect to an expired certficate.

 

If you have a public certificate right now and you switch to a private certificate, as long as all of your clients trust it, you will be fine from a 802.1x perspective.  On the other hand, since the same certificate is used for guest access, clients that are not part of your domain will not trust that certificate and they will get a trust errror when hitting your guest portal.  If you renew with a public certificate, just make sure that all of your clients trust their CA (you can ask the CA if all your clients do) and you *should* be fine.  If your clients are configured to ONLY trust that specific server certificate or CA for , you could have issues..  First find out if "Validate Server Certificate" is configured on your wireless clients and see what is or is not checked...

 

 

 

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Occasional Contributor II

Re: Clearpass Server Certificate is expiring

Hi,

 

Thanks for the response. The default clearpass cert, is it a public cert?

 

Thanks

 

Oliver

Guru Elite

Re: Clearpass Server Certificate is expiring

It is not.  If you look under Administration> Certificates> Server Certificate, it should tell you what you are working with.  Please work with TAC to determine what your true options are if you are close to making a change.

******************
Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.
******************
Occasional Contributor II

Re: Clearpass Server Certificate is expiring

Thanks alot for the response. :smileyhappy:

 

 

Oliver 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: