Security

last person joined: 19 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Comodo Certificates Expiry

  • 1.  Comodo Certificates Expiry

    Posted Jun 01, 2020 04:00 AM
      |   view attached

    Hi, I have been hit by  Comodo AddTrust Root Expiration.

     

    The certificate chain has expired - I know very little about certificates and I wondered if anyone could help restoring the comodo certificate chain.

     

    I can access clearpass because it not has not expired on browsers.  But the access tracker shows nothing because the trust is gone.

     

    Or a work around for it?

     

     



  • 2.  RE: Comodo Certificates Expiry

    Posted Jun 01, 2020 04:04 AM

    If the current certificate is signed by the Root CA (which I suspect it is) you will also need to renew the certificate via Comodo too.

     

    You can download the current Root & Intermediate CAs from Comdo for below, these will need to be uploaded to CPPM prior uploading a new certificate.

     

    https://support.comodo.com/index.php?/comodo/Knowledgebase/List/Index/75/instantsslenterprisesslintranetssl

     

    There is an excellent Tech Note regarding certificates which details how to obtain a CSR, certificate types and the best practices for different CPPM deployments.

     

    CPPM - Certificates 101 Technote V1.2.pdf 

     

    *EDIT* - Added correct Tech Note link



  • 3.  RE: Comodo Certificates Expiry

    Posted Jun 01, 2020 04:14 AM

    Hello

     

    I am afraid that link takes you to the old certificates that have expired. I am confused.

     

     



  • 4.  RE: Comodo Certificates Expiry

    Posted Jun 01, 2020 04:16 AM

    Have you reached out to Comodo then to request the new Root/Intermediate certs? Once you have these certs, Comodo will need to sign your certificate in order for it to be valid.



  • 5.  RE: Comodo Certificates Expiry

    Posted Jun 01, 2020 06:41 AM

    Comodo now known as sectigo, now uses a 3 step certificate chain instead of four.  After the 30th of may the old certificates are no longer valid.

     

    Managed to put the three certificates into a new certificate chain and imported it into clearpass.

    The subscriber needed a services restart but back to normal again.

     

    Browsers and devices usually handle this themselves, but you have to do it manually on clearpass.

    I live and learn

    Thanks!

     

    PS Thanks TAC team 



  • 6.  RE: Comodo Certificates Expiry

    Posted Jun 01, 2020 06:56 AM

    Glad to hear it is sorted!