Security


Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

Clearpass EST service not enabled?

  • 1.  Clearpass EST service not enabled?

    Posted Mar 18, 2022 10:40 AM
    Edit: Seems to be a known issue for each new Clearpass install.
    TAC is troubleshooting the issue right now.

    Hello,

    I'm trying to enroll client certificates via EST and created a Root CA on Clearpass where the EST option is checked:

    As soon as I try to request it with a client that has already imported the HTTPS certificate of my Clearpass root CA successfully, the client can't reach it. The BYOD Operator user was configured already; adding it to the URL doesn't help. There is no EST request seen on the Clearpass, and the switch doesn't get a reply.

    Now I tried to open the URL in my web browser to see if it's responding. I get the following output:

    I know that I can't request a certificate via my web browser, I only use it to validate if EST is replying.
    For the same CA SCEP is configured which is working successfully without any issues.

    Did I forget to enable a global EST option?
    Would be great to get some help.

    Best regards


  • 2.  RE: Clearpass EST service not enabled?

    Posted Mar 23, 2022 10:35 AM
    Hello,

    I'm still looking for a solution, since EST still seems disabled.
    After creating a new CA with EST enabled, I see the following error in the Application Log:


    My CA configuration tells me it's enabled:



  • 3.  RE: Clearpass EST service not enabled?

    Posted May 12, 2022 03:22 PM
    For anyone having the same issue: It seems to be the default behavior for every new Clearpass install based on 6.9.x and 6.10.x

    I'm in contact with TAC regarding a solution and I'm waiting for their response.