Security

last person joined: 2 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Creating new certificate to be used across multiple controllers

Jump to Best Answer
  • 1.  Creating new certificate to be used across multiple controllers

    Posted Aug 12, 2019 01:24 PM

    Hi everyone,

     

    We have a server certfiicate installed on our controllers that is going to be expiring soon.  Today we've been using the same certificate on every controller we spin up since they all point to our CPPM for the captive portal redirect. 

     

    Question I have is, how do I go about creating the CSR to generate a new certificate?  From what I understand, if I generate the CSR on one controller, I can only install the certficate I receive on that one controller and not the others.  Is that correct?  If that is indeed true, how have we been able to install the same, older certficate on brand new controllers we've recently setup?  And what options do we have for creating the CSR then? 



  • 2.  RE: Creating new certificate to be used across multiple controllers
    Best Answer

    Posted Aug 13, 2019 03:25 AM

    You'll need to create the CSR + Private Key on a 3rd party server since when you create a CSR on a Controller you cannot extract the private key. You should consider creating the certificate using OpenSSL or similar to allow you to obtain the private key and install on each Controller. I suspect the existing certificate which is installed on your controller has the private key chained within the cert.



  • 3.  RE: Creating new certificate to be used across multiple controllers

    Posted Aug 13, 2019 08:45 AM

    Thanks for the info guys.  I have followed the openssl method for creating the CSR and private key on a separate system.  The existing, older certificate is a .pem file so you're right that it likely has the private key embedded in it for it to work across all of our controllers.

     

    Cheers!

     



  • 4.  RE: Creating new certificate to be used across multiple controllers

    Posted Aug 13, 2019 05:02 AM

    This ASE solution may help to get the CSR done with OpenSSL.