Security


Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

clearpass 6.10 backup of certs

  • 1.  clearpass 6.10 backup of certs

    Posted 13 days ago
    Hi All,

    I was under the impression that in 6.10 a server backup also backed up the certificates installed on the machine.

    Just upgraded a server from 6.10.1 -> 6.10.2 and did a config backup

    Built a new 6.10.2 VM with a different IP address

    Restored the config to it - no certs restored

    Was 6.10 supposed to back up/restore certs?
    A

    ------------------------------
    Alex Sharaz
    ------------------------------


  • 2.  RE: clearpass 6.10 backup of certs

    Posted 12 days ago
    Certificates are not part of a ClearPass backup (or not of the restore, but end result is the same). Other well-known things that are not part of the CPPM backup are the domain join and licenses.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: clearpass 6.10 backup of certs

    Posted 12 days ago
    This is why certs don't belong in backups: horizon3ai/vcenter_saml_login: A tool to extract the IdP cert from vCenter backups and log in as Administrator (github.com)

    ------------------------------
    Tim C
    ------------------------------



  • 4.  RE: clearpass 6.10 backup of certs

    Posted 12 days ago
    Ok good reason :-)

    Following on from that, I also thought I’d read that 6.10 purges endpoints “N” days after last seen on network instead of first seen, which makes more sense.