Security

 View Only
last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

How to export ClearPass private key?

This thread has been viewed 57 times

  • 1.  How to export ClearPass private key?

    Posted Aug 01, 2017 11:55 AM

    HI all,

     

    Can someone tell me if we can redownload the (CSR and the) Private key after generating them in Clearpass?

     

    Thanks!

     



  • 2.  RE: How to export ClearPass private key?

    EMPLOYEE
    Posted Aug 01, 2017 11:57 AM
    Yes, click Export.


  • 3.  RE: How to export ClearPass private key?

    Posted Aug 01, 2017 12:26 PM

    Hi Tim,

     

    Thanks you are fast :)

     

    The customer did a CSR and copy and pased the CSR key to issue the certificate with the ca. So the private key where not downloaded and imported in clearpass when doing the CSR. When he tryed to download it from the export button, they get the default private key file (they assume) because  the password did not match when importing.

     

    So this was the question.. other option is to regenerate a new CSR and repeat the process. But, im not sure if the generated private key is stored directly in clearpass.

     

    thanks

     

     

     

     



  • 4.  RE: How to export ClearPass private key?

    Posted Aug 01, 2017 12:45 PM
      |   view attached

    Basicaly the question is if you can recover from forgetting to download the Private Key files when generating the CSR.

     

    I copied the content from begin certificate request to end certificate request and used it on the CA's website.

     

    The CA send me a nice certifiate which I'm trying to import. Unfortunatly clearpass is asking for a private key to select which I don't have.

     

    Is there a way to recover? Or do I need to generate a new CSR and purchase a new certificate?

     

    Regards,

     

    Rens

     



  • 5.  RE: How to export ClearPass private key?
    Best Answer

    EMPLOYEE
    Posted Aug 01, 2017 12:49 PM

    Couple of things

     

    • The private key is downloaded with the CSR
    • If you do not download the CSR and key, it cannot be redownloaded until the signed certificate is added
    • It is a general best practice to do CSRs and key generation on an external, secure box
    • Most CAs will allow a re-key without charging you again


  • 6.  RE: How to export ClearPass private key?

    Posted Aug 01, 2017 01:20 PM

    Hello Tim,

     

    Thanks for the reply. I'll contact the CA and ask them how to proceed.

     

    Regards,

     

    Rens



  • 7.  RE: How to export ClearPass private key?

    Posted Aug 19, 2018 09:59 AM
    In 6.7 it only downloads the CSR. I’m not able to import my signed cert because it wants the private key file. I’m importing into the CP server I generated the CSR from.


  • 8.  RE: How to export ClearPass private key?

    EMPLOYEE
    Posted Aug 20, 2018 07:20 AM

    You need to select the option "Upload Certificate and Use Saved Private Key" when you import the signed certificate.

     



  • 9.  RE: How to export ClearPass private key?

    Posted Oct 01, 2018 05:10 AM

    Hi 

     

    ClearPass Policy Manager 6.7.3.106273

     

    1. I am renewing certificates and also changing from GoDaddy to a Commodo server certificate at the same time. I will use the same certificate for HTTP & Radius "is this Ok"? This was done previously by prior IT Manager.

     

    2. Should I upload the intermediate and root CA keys before trying to upload the Commodo Cert?

     

    3. I just want to confirm:

    I did not see the "Download CSR and Private Key Files" button and therefore I just copied the CSR and sent off to CSC who manage our domains and certificates. They will send me a commodo cert. "currently awaiting". As I did not download the Private Key, all I need to do when importing is select an option ""Upload Certificate and Use Saved Private Key"?

     

    3.1 I assume CPPM server has some intelligence to match the none downloaded private key (stored by CPPM?) & provided Commodo cert during import by using the "Use Saved Private Key" option?

     

    Regards

     

    Tony

     

     



  • 10.  RE: How to export ClearPass private key?

    Posted Jul 22, 2021 05:32 AM
    Hi Tony,

    Ever get an answer to this?

    thanks

    ------------------------------
    Ciaran Byrne
    ------------------------------

    Original Message


  • 11.  RE: How to export ClearPass private key?

    EMPLOYEE
    Posted Jul 22, 2021 10:15 AM
    This is an old discussion, and things have changed. What is written above is partially obsolete. Please open a new discussion and describe what your issue is.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------

    Original Message