Security

last person joined: 19 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Imported CA Certificate Authority Settings

Jump to Best Answer
  • 1.  Imported CA Certificate Authority Settings

    Posted Feb 19, 2014 11:57 AM

    I was looking for more information on how to set up an Imported CA on ClearPass but there is not much in the user guide. Can someone please confirm the statement below:

     

    Imported CA: You will import the certificate public and private key files into Clearpass and this CA certificate will be used as the Root CA to issue new certificates

     

    That means, if I have a Microsoft Root CA, I import the Root CA's certificate along with its private key and then use ClearPass to issue certs on behalf of the Root CA. 

     

    Thank you.

     



  • 2.  RE: Imported CA Certificate Authority Settings



  • 3.  RE: Imported CA Certificate Authority Settings

    Posted Feb 19, 2014 12:37 PM

    Thanks for the reply but it doesn't answer what I asked



  • 4.  RE: Imported CA Certificate Authority Settings

    Posted Feb 19, 2014 12:40 PM

    You'll want to import the root CA certificate as is. No private key neceassary. Then you'll want to request an intermediate certificate from MS Certificate Services.

     

    If you do the CSR for the intermediate cert inside of ClearPass, you only need to import the signed certificate. If you do the CSR elsewhere, export the private key and import it with the signed cert.



  • 5.  RE: Imported CA Certificate Authority Settings

    Posted Feb 19, 2014 12:47 PM

    So basically, Imported CA functions as an Intermediate CA. Is that right?



  • 6.  RE: Imported CA Certificate Authority Settings

    Posted Feb 19, 2014 12:49 PM

    If you are not using the built-in CA, yes.



  • 7.  RE: Imported CA Certificate Authority Settings

    Posted Feb 19, 2014 01:01 PM
      |   view attached

    I guess this is where I get confused. So, for the certificate and the key, do I import the cert for the Intermediate CA and it's private key that I export wherever I generate the CSR.



  • 8.  RE: Imported CA Certificate Authority Settings
    Best Answer

    Posted Feb 19, 2014 11:34 PM

    You have 3 options.

     

    1. CPPM is the Root CA

     

    You will just be the full PKI

     

    2. CPPM is an intermediate to your existing Root CA

     

    You will generate a CSR that the existing Root CA will sign then you will import that into CPPM

     

    3. You import a Root CA

     

    You had a third party create you a Root CA and you import the cert and PKey. 

     

     

    From your description I assume you already have an existing Root CA server so you will go through the CSR request in CPPM. Have the Root sign the cert then import it into CPPM. Then Clearpass will now be an intermediate to your Root and had out certs based on your current CA.