Hi, I have been hit by Comodo AddTrust Root Expiration.
The certificate chain has expired - I know very little about certificates and I wondered if anyone could help restoring the comodo certificate chain.
I can access clearpass because it not has not expired on browsers. But the access tracker shows nothing because the trust is gone.
Or a work around for it?
If the current certificate is signed by the Root CA (which I suspect it is) you will also need to renew the certificate via Comodo too.
You can download the current Root & Intermediate CAs from Comdo for below, these will need to be uploaded to CPPM prior uploading a new certificate.
There is an excellent Tech Note regarding certificates which details how to obtain a CSR, certificate types and the best practices for different CPPM deployments.
CPPM - Certificates 101 Technote V1.2.pdf
*EDIT* - Added correct Tech Note link
I am afraid that link takes you to the old certificates that have expired. I am confused.
Have you reached out to Comodo then to request the new Root/Intermediate certs? Once you have these certs, Comodo will need to sign your certificate in order for it to be valid.
Comodo now known as sectigo, now uses a 3 step certificate chain instead of four. After the 30th of may the old certificates are no longer valid.
Managed to put the three certificates into a new certificate chain and imported it into clearpass.
The subscriber needed a services restart but back to normal again.
Browsers and devices usually handle this themselves, but you have to do it manually on clearpass.
I live and learn
PS Thanks TAC team
Glad to hear it is sorted!
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.