Security

Hi All,

I was under the impression that in 6.10  a server backup also backed  up the certificates installed on the machine.

Just upgraded a server from 6.10.1 -> 6.10.2 and did a config backup

Built a new 6.10.2 VM differnt IP address

Restored the config to it - no certs restored

Was 6.10 supposed to backup/restore certs ?
A

------------------------------
Alex Sharaz
------------------------------

Certificates are not part of a ClearPass backup (or not of the restore, but end result is the same). Other well-known things that are not part of the CPPM backup are the domain join and licenses.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Oct 12, 2021 12:01 PM
From: Alex Sharaz
Subject: clearpass 6.10 backup of certs

Hi All,

I was under the impression that in 6.10  a server backup also backed  up the certificates installed on the machine.

Just upgraded a server from 6.10.1 -> 6.10.2 and did a config backup

Built a new 6.10.2 VM differnt IP address

Restored the config to it - no certs restored

Was 6.10 supposed to backup/restore certs ?
A

------------------------------
Alex Sharaz
------------------------------

This is why certs don't belong in backups: horizon3ai/vcenter_saml_login: A tool to extract the IdP cert from vCenter backups and log in as Administrator (github.com)

------------------------------
Tim C
------------------------------

Original Message:
Sent: Oct 12, 2021 12:01 PM
From: Alex Sharaz
Subject: clearpass 6.10 backup of certs

Hi All,

I was under the impression that in 6.10  a server backup also backed  up the certificates installed on the machine.

Just upgraded a server from 6.10.1 -> 6.10.2 and did a config backup

Built a new 6.10.2 VM differnt IP address

Restored the config to it - no certs restored

Was 6.10 supposed to backup/restore certs ?
A

------------------------------
Alex Sharaz
------------------------------

Ok good reason :-)

Following on from that , also thought I’d read that 6.10 purges endpoints “N” days after last seen on network instead of 1st seen. Which makes more sense
Hi Sent from my iPhone


Original Message:
Sent: 10/13/2021 8:05:00 AM
From: timms
Subject: RE: clearpass 6.10 backup of certs

This is why certs don't belong in backups: horizon3ai/vcenter_saml_login: A tool to extract the IdP cert from vCenter backups and log in as Administrator (github.com)

------------------------------
Tim C
------------------------------

Original Message:
Sent: Oct 12, 2021 12:01 PM
From: Alex Sharaz
Subject: clearpass 6.10 backup of certs

Hi All,

I was under the impression that in 6.10  a server backup also backed  up the certificates installed on the machine.

Just upgraded a server from 6.10.1 -> 6.10.2 and did a config backup

Built a new 6.10.2 VM differnt IP address

Restored the config to it - no certs restored

Was 6.10 supposed to backup/restore certs ?
A

------------------------------
Alex Sharaz
------------------------------