Security

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

How to verify if certs are in use or need to be renewed?

  • 1.  How to verify if certs are in use or need to be renewed?

    Posted Oct 18, 2021 10:29 AM
    Hi All,

    I am being prompted to renew one of the certs in CPPM which is expiring in 3 months' time. As checked, this cert is listed in Certificates > Trust List and is in an enabled state and the usage is EAP, Others.

    But under the Certificates > Certificate Store > Server Certificates tab, none of our CPPM boxes' certs under "Radius/EAP", "HTTPS", "RadSec" and "Database" usage are expiring in 3 months' time.

    Does that mean we are not using the cert?


    ------------------------------
    Vincent C
    ------------------------------


  • 2.  RE: How to verify if certs are in use or need to be renewed?

    Posted Oct 18, 2021 06:29 PM
    Hi Vincent,

    Just check (depending on your version) the service certificates tab also - it's in the same place as your server certificates if available in your version of CPPM. I just recently renewed a service certificate (and deleted the expired one) and the expiry warning persisted until I rebooted. This may have been because I had not detached it from the service prior to removal, however.

    It is possible to import trusted certificates. If it's not one associated to your server certificates then you might have to get creative in order to source a renewed one.

    Is CPPM up to date?


  • 3.  RE: How to verify if certs are in use or need to be renewed?

    Posted Oct 20, 2021 08:07 AM
    ClearPass should tell which cert is about to expire:



    In this case, I need to renew the Radius Server Cert and the RadSec Server Certificate.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------