Certificate request

  • 1.  Certificate request

    Posted Jun 11, 2013 01:03 PM

    Hello

    I'm trying to do a certificate request from the ClearPass but I'm unable to do it.

     

    What I want is that the ClearPass has, for example, a machine certificate of an existing CA, so when I try to authenticate users using ClearPass as the NPS, clients can authenticate correctly... as I need a machine certificate on the ClearPass to make it work, or at least that's how it works with Windows NPS: it needs a server certificate, for which I do the request and then install it on the NPS Windows server...

     

    What I'm doing

    I'm trying to generate a Certificate Signing Request so I can use that to request the certificate and get a certificate for my ClearPass so then the 802.1x EAP PEAP can work properly.


    When I try to create the request I get a null value


    Like this Certificate.JPG

     

    Am I doing it incorrectly?

     

    I want to stop using my Windows NPS and start using the ClearPass as NPS.

     

    Cheers

    Carlos



  • 2.  RE: Certificate request

    Posted Jun 11, 2013 01:13 PM

    If you have an existing NPS certificate that you want to use with ClearPass, you will need to export that certificate and private key into separate files and then import them. Creating a certificate request is for requesting a brand new certificate.



  • 3.  RE: Certificate request

    Posted Jun 11, 2013 01:19 PM

    Okay, I guess that can work!

    But if I didn't have that certificate and I needed to request a new one, how can I do it?



  • 4.  RE: Certificate request

    Posted Jun 11, 2013 01:29 PM

    Hello Again Avidal...

    The admin set that the certificate cannot be exported for security reasons, so I need by force to do a certificate request...

     

    Any idea of this?



  • 5.  RE: Certificate request

    Posted Jun 11, 2013 01:31 PM

    You will need to proceed on your original path of creating a certificate request. Make sure you fill in all of the fields in the form. I suspect that is why you are getting the error. Make sure that your CN is an FQDN also.



  • 6.  RE: Certificate request

    Posted Jun 11, 2013 02:24 PM

    I just tested this in 6.1 and it doesn't care that I only fill out a CN and the password. I get no null error. Please open a case with TAC to investigate.



  • 7.  RE: Certificate request

    Posted Jun 11, 2013 03:26 PM

    Which version are you using? I have also seen this behavior with one of the first ClearPass 6.1 versions; the GUI would respond very poorly because the ClearPass server does not have direct internet access. You should upgrade to the latest patch available.



  • 8.  RE: Certificate request

    Posted Jun 11, 2013 03:31 PM

    Correct. There was a bug in the first release which the admin patch fixed. If you don't have internet access to that appliance you will need to download the patch and host it locally and run the CLI upgrade. 

     

    system update -i http://xxxxxx.xxx/patchname.bin



  • 9.  RE: Certificate request

    Posted Jun 11, 2013 06:48 PM

    I'm running ClearPass Policy Manager 6.1.0.50961 on CP-SW-EVAL platform

    I guess that's the latest one? Or am I wrong?

     

     

    Cheers

    Carlos



  • 10.  RE: Certificate request

    Posted Jun 11, 2013 07:16 PM
    If you're running that version you will need the admin patch.

    The latest is

    ClearPass Policy Manager 6.1.1.52552 on CP-SW-EVAL platform
    Dashboard


  • 11.  RE: Certificate request

    Posted Jun 11, 2013 07:46 PM

    Hello Arnold

    I see 3 patches, look

    patches.PNG

     

    Are they individual patches?

    If they are, is it recommended to download and install all of them?

     

     

     



  • 12.  RE: Certificate request

    Posted Jun 11, 2013 07:55 PM
    Yes. The admin patch should fix your issue


  • 13.  RE: Certificate request

    Posted Jun 11, 2013 07:57 PM

    Yeah, I saw that you mentioned that, but what about the other updates? Should I run them also, or should I not?

     

    Cheers

    Carlos



  • 14.  RE: Certificate request

    Posted Jun 11, 2013 08:15 PM
    Yes. The cumulative patch might have the other included. There are a few fixes for AD and a couple of others that might be beneficial for you.


  • 15.  RE: Certificate request

    Posted Jun 11, 2013 08:21 PM

    When I try to import the file to upgrade it, nothing happens...

    Then when I check for updates I get this error

     


    [Errno 2] No such file or directory: '/var/avenda/platform/store/updates/CPPM-x86_64-20130418-admin-hang-fix-patch.bin.meta'

     

    It seems it does not upload successfully or something...



  • 16.  RE: Certificate request

    Posted Jun 11, 2013 11:05 PM
    I would first try using the CLI. Download the file; the easiest way is to host it on a local web server. And then run

    system update -i http://xxxxxx.xxx/filename.bin

    If that doesn't work you will need to open a case and have TAC log in


  • 17.  RE: Certificate request

    Posted Jun 11, 2013 11:07 PM

    Okay Arnold, I'll try that tomorrow and I'll let you know :)

     

    Thanks

     



  • 18.  RE: Certificate request
    Best Answer

    Posted Jun 12, 2013 07:16 PM

    Hello Arnold

    Even after patching it keeps happening.

    Look

     

    patch.PNG

    But I found myself what the issue was.

    If you input a password with special characters; in my case I was putting a password with an exclamation sign like this !

    for example carlos123!

     

    I thought that MAYBE the special character was bothering it, so I did carlos123 without the !

    And it worked!

     

    Is this a bug? Or does it not support that kind of special character? Because in the manual I don't remember reading anything about it not supporting special characters.

     

    Cheers

    Carlos