Wireless Access

Reply
Occasional Contributor II
Posts: 29
Registered: ‎08-06-2013

Clearpass Server Certificate is expiring

Hi Community,

 

I wanted to inquire about any documentation regarding how to renew expiring clearpass server certificate. Also, I need to know what would be the impact/risk if an internal CA is used once the cert expires.

 

Thanks

 

Oliver

Guru Elite
Posts: 21,270
Registered: ‎03-29-2007

Re: Clearpass Server Certificate is expiring


oliverm wrote:

Hi Community,

 

I wanted to inquire about any documentation regarding how to renew expiring clearpass server certificate. Also, I need to know what would be the impact/risk if an internal CA is used once the cert expires.

 

Thanks

 

Oliver


To renew the certificate, you need to generate a new CSR under Administration> Certificates > Server Certificate

 

You don't want the certificate to expire, because in general, alot of clients will refuse to connect to an expired certficate.

 

If you have a public certificate right now and you switch to a private certificate, as long as all of your clients trust it, you will be fine from a 802.1x perspective.  On the other hand, since the same certificate is used for guest access, clients that are not part of your domain will not trust that certificate and they will get a trust errror when hitting your guest portal.  If you renew with a public certificate, just make sure that all of your clients trust their CA (you can ask the CA if all your clients do) and you *should* be fine.  If your clients are configured to ONLY trust that specific server certificate or CA for , you could have issues..  First find out if "Validate Server Certificate" is configured on your wireless clients and see what is or is not checked...

 

 

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 29
Registered: ‎08-06-2013

Re: Clearpass Server Certificate is expiring

Hi,

 

Thanks for the response. The default clearpass cert, is it a public cert?

 

Thanks

 

Oliver

Guru Elite
Posts: 21,270
Registered: ‎03-29-2007

Re: Clearpass Server Certificate is expiring

[ Edited ]

It is not.  If you look under Administration> Certificates> Server Certificate, it should tell you what you are working with.  Please work with TAC to determine what your true options are if you are close to making a change.



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Occasional Contributor II
Posts: 29
Registered: ‎08-06-2013

Re: Clearpass Server Certificate is expiring

Thanks alot for the response. :smileyhappy:

 

 

Oliver 

Search Airheads
Showing results for 
Search instead for 
Did you mean: