Security

Hi All,

I am being prompted to renew one of the certs in CPPM which is expiring in 3 months time. As checked, this cert is listed in Certificates > Trust List and is in enabled state and the usage is EAP, Others.

But under the Certificates > Certificate Store > Server Certificates tab, none of our CPPM boxes certs under "Radius/EAP", "HTTPS", "RadSec" and "Database" usage are expiring in 3 months time.

Does that mean we are not using the cert ?


------------------------------
Vincent C
------------------------------

Hi Vincent,

Just check (depending on your version) the service certificates tab also - it's in the same place as your server certificates if available in your version of CPPM. I just recently renewed a service certificate (and deleted the expired one) and the expiry warning persisted until I rebooted. This may have been because I had not detached it from the service prior to removal however. 

It is possible to import trusted certificates. If it's not one associated to your server certificates then you might have to get creative in order to source a renewed one.

Is CPPM up to date?
Original Message:
Sent: Oct 18, 2021 04:33 AM
From: Vincent Cheang
Subject: How to verify if certs are in used or needs to be renew?

Hi All,

I am being prompted to renew one of the certs in CPPM which is expiring in 3 months time. As checked, this cert is listed in Certificates > Trust List and is in enabled state and the usage is EAP, Others.

But under the Certificates > Certificate Store > Server Certificates tab, none of our CPPM boxes certs under "Radius/EAP", "HTTPS", "RadSec" and "Database" usage are expiring in 3 months time.

Does that mean we are not using the cert ?


------------------------------
Vincent C
------------------------------

ClearPass should tell which cert is about to expire:



In this case, I need to renew the Radius Server Cert and the RadSec Server Certificate.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Oct 18, 2021 04:33 AM
From: Vincent Cheang
Subject: How to verify if certs are in used or needs to be renew?

Hi All,

I am being prompted to renew one of the certs in CPPM which is expiring in 3 months time. As checked, this cert is listed in Certificates > Trust List and is in enabled state and the usage is EAP, Others.

But under the Certificates > Certificate Store > Server Certificates tab, none of our CPPM boxes certs under "Radius/EAP", "HTTPS", "RadSec" and "Database" usage are expiring in 3 months time.

Does that mean we are not using the cert ?


------------------------------
Vincent C
------------------------------