Let me correct myself, if I wasn't clear. You should NOT import the ClearPass HTTPS Server certificate as your trust-anchor. You should import the Root CA that signed your HTTPS certificate. ClearPass will give you just that, if you fetch the certificate from that URL. That one should work, and if it doesn't check the PEM file for it contents, for example by importing it into your computer so you can view the contents.
If you export your server certificate and mention that you got multiple certs and importing the second worked, that is expected, as you export in order the server certificate itself (which will not work), and the intermediate certificates. You can import an intermediate cert as well, but that is not a root cert, but will work (but may give complications later).
Please work with your partner or Aruba support, as it is important to get this done right.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Jun 20, 2021 11:33 AM
From: Choh Koon Tan
Subject: AOS CX Switch Failed Install Certificate - DUR
I really don't know what certificate was retrived from http://10.x.x.x/.well-known/aruba/clearpass/https-root.pem.
I follow your info that the certificate require basically is https server certificate.
I export out the HTTPS certificate to .PEM.
Then I copy paste it onto switch ta-certificate , it works.
** there are 3 certificates in exported .PEM , first one I copy/paste it failed to install. The the second certificate (i think it is intermidiate CA) and it works .
------------------------------
Choh Koon Tan
Original Message:
Sent: Jun 17, 2021 11:04 AM
From: Herman Robers
Subject: AOS CX Switch Failed Install Certificate - DUR
The message indicates that the certificate that you try to upload, is not a CA certificate. This may be the case if you have a self-signed certificate for HTTPS on your ClearPass.
Did you validate that certificate that you downloaded as https-root.pem (and uploaded as TA), that it is actually the RootCA that signed your HTTPS server certificate? You should be able to import it in Windows or Mac (keychain) and validate what is in it, and if it has the ca:true field (which all roots should have).
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
Original Message:
Sent: Jun 15, 2021 09:55 PM
From: Choh Koon Tan
Subject: AOS CX Switch Failed Install Certificate - DUR
ClearPass Policy Manager 6.9.5.131053
-----------------------------------------------------------------------------
ArubaOS-CX
(c) Copyright 2017-2021 Hewlett Packard Enterprise Development LP
-----------------------------------------------------------------------------
Version : ML.10.06.0101
Build Date : 2021-02-28 17:31:44 PST
Build ID : ArubaOS-CX:ML.10.06.0101:f197b0b27572:202103010059
Build SHA : f197b0b27572722305744111dc8e7502e35d771f
Active Image : primary
Service OS Version : ML.01.07.0001
BIOS Version : FL.01.0003
------------------------------
Choh Koon Tan
Original Message:
Sent: Jun 14, 2021 05:10 PM
From: Alexis La Goutte
Subject: AOS CX Switch Failed Install Certificate - DUR
What release of CPPM ?
------------------------------
PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...
PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)
PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..
ACEP / ACMX #107 / ACDX #1281
Original Message:
Sent: Jun 13, 2021 07:55 AM
From: Choh Koon Tan
Subject: AOS CX Switch Failed Install Certificate - DUR
Hi Alagoutte
Radius and public SSL certificate.
Do you mean I need to create self-signed certificate ?
Curious is what certificate I retrive via http://10.x.x.x/.well-known/aruba/clearpass/https-root.pem
------------------------------
Choh Koon Tan
Original Message:
Sent: Jun 12, 2021 10:07 AM
From: Alexis La Goutte
Subject: AOS CX Switch Failed Install Certificate - DUR
What do you have on the certificat ? (it is self signed ?)
------------------------------
PowerArubaSW : Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP...
PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...)
PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)..
ACEP / ACMX #107 / ACDX #1281
Original Message:
Sent: Jun 12, 2021 07:48 AM
From: Choh Koon Tan
Subject: AOS CX Switch Failed Install Certificate - DUR
I follow the video to install the root certificate.
Failed when installing it on the CX switch with error message.
"A signer certificate is not set for signing in its Key Usage extension. Not accepted."
I follow this video Aruba Dynamic Segmentation on AOS-CX: downloadable user roles| YouTube | remove preview |
| | Aruba Dynamic Segmentation on AOS-CX: downloadable user roles | | In this video you will learn how to setup downloadable user roles on AOS-CX. The video also shows you how to setup the configuration on ClearPass, and this i... | | View this on YouTube > |
|
|
------------------------------
Choh Koon Tan
------------------------------