Security

last person joined: 2 days ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Clearpass 6.6.8 issues with adding new RADIUS certs.

Jump to Best Answer
This thread has been viewed 14 times
  • 1.  Clearpass 6.6.8 issues with adding new RADIUS certs.

    Posted Jan 05, 2018 02:19 PM

    RADIUS cert are about to become invalid.  Trying to add new cert from CA server.  When creating new CSR for CPPM, no problem until importing back into CPPM.  There seems to be a problem with the certPrivKey.  It states that the certPkey does not match.  Please the clients are getting an TLS Handshake failed in SSL_read with error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown_ca.  We have tried several CA certs to no avail.



  • 2.  RE: Clearpass 6.6.8 issues with adding new RADIUS certs.

    Posted Jan 05, 2018 04:32 PM

    Did you create the CSR on ClearPass? I have never had a problem with importing a cert before on any CPPM version.

     

    I always create the CSR offline with OpenSSL. Get the CSR signed by the CA and import the certificate with the private key back.

     

    You can use my personal blog to create the CSR, get it signed and optionally create a PFX cert - OpenSSL for CSR generation



  • 3.  RE: Clearpass 6.6.8 issues with adding new RADIUS certs.
    Best Answer

    Posted Jan 09, 2018 11:34 AM

    I found our issue!  The new DoD cert has a bad naming convention at the root.  I discovered it with the help of the TAC.  I also found that within a cluster the publisher pass all inforamtion to all subscribers.  Neat!