Wireless Access

Reply
Occasional Contributor II

Issues updating Clearpass HTTPS cert

Looking for possible things to check as Im scratching my head with this a bit.

We have bought a server cert which I have chained in the order root->Intermediate->server cert

I have checked the the 'Begin Certificate' and 'End certificate' statements are correct

 

Whenever I try to import the certificate and key, I get the following message

Failed to convert certificate to X509 PEM format. Accepted formats are .pem, .cer, .crt, .der, .p7b

 

It is in .crt format so what are the other causes that could be causing the issue?

 

 

Re: Issues updating Clearpass HTTPS cert

Hey, try uploading the individual Root + Intermediate certs first (don't forget to enable them as well!) then upload the certificate (on its own) afterwards.

 

If you have issues converting the cert, try the below:

 

https://www.sslshopper.com/ssl-converter.html


ACMA, ACMP, ACSA
If my post addresses your query, give kudos:)
Occasional Contributor II

Re: Issues updating Clearpass HTTPS cert

Im guessing that both the intermediate and root certs go in the 'Trust' section?

Im trying to remember why we started chaining our certs, I think it was an IOS issue at the time, I will have to look back...

Guru Elite

Re: Issues updating Clearpass HTTPS cert

You should ALWAYS chain your certs.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: Issues updating Clearpass HTTPS cert

OK I have re-chained the cert in Vi, and I have now added it via the GUI.

I get no error message, if fact I get a 'success' confirmation at the top of the screen.

But when I refresh the page the new chained cert is not applied, and I can't see any of the new cert details in the trust list either...

Contributor I

Re: Issues updating Clearpass HTTPS cert

Did you try it with the .pem extension? I usually chain CRT files to a pem for clearpass. (same process: just copy paste in notepad)

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: