Security


Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

DUR not downloaded | ssl error

  • 1.  DUR not downloaded | ssl error

    Posted 15 days ago
    Hi all,

    I am working on getting UPT to work on my 2930F & ClearPass.
    Currently, I am stuck at downloading my user role.
    The authentication of my test client works fine and the following RADIUS response is sent to the switch.
    Nevertheless, when running "show user-role downloaded", no user role is listed and no tunnel to the controller is established.
    When debugging SSL security, I discovered that my certificate is marked as expired. My certificate is the root certificate from my Windows testing PKI.

    To my thinking, the certificate should be valid, because it expires in 2521:


    Is there another problem or is my root certificate the real problem?

    Best regards
    Michael

    ------------------------------
    Michael
    ------------------------------


  • 2.  RE: DUR not downloaded | ssl error

    Posted 14 days ago
    Did you create the ClearPass login user for the switch to log in to ClearPass and perform an HTTP GET to retrieve the role information? Also, your switch needs to trust the certificate chain from ClearPass.

    ------------------------------
    Dustin Burns
    ------------------------------



  • 3.  RE: DUR not downloaded | ssl error

    Posted 14 days ago
    You can't use the root certificate itself for ClearPass; instead, issue a certificate from that root for your ClearPass. Role downloads require the server certificate to be issued by another CA; the root itself is self-signed (by definition).

    The expiration time of 500 years might be an issue as well, but first, make sure you are not using the root CA itself as ClearPass server certificate.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
    ------------------------------
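
The checks raised in replies 2 and 3, as an added example that is not part of the original posts: it tells a self-signed root apart from a CA-issued server certificate, confirms the server certificate chains to the root the switch would trust, and reads the expiry year. The file names, subject names and the throwaway PKI are constructed for the demo, and `openssl` is assumed to be installed.

```bash
#!/usr/bin/env bash
# Added example. File names and subject names are constructed for the demo.

# Print "self-signed" when subject and issuer are identical, else "ca-issued".
cert_kind() {
    local subj iss
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    if [ "$subj" = "$iss" ]; then echo "self-signed"; else echo "ca-issued"; fi
}

# Print the four-digit year from the certificate's notAfter field.
cert_expiry_year() {
    openssl x509 -in "$1" -noout -enddate | awk '{print $4}'
}

# Return 0 if certificate $1 chains to the CA file $2, non-zero otherwise.
chains_to() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Build a throwaway root CA and a server certificate issued by it.
make_demo_pki() {
    local d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/root.key" \
        -out "$d/root.pem" -days 36500 -subj "/CN=Lab Root CA" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -keyout "$d/srv.key" \
        -out "$d/srv.csr" -subj "/CN=clearpass.lab.example" 2>/dev/null
    openssl x509 -req -in "$d/srv.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -out "$d/srv.pem" -days 365 2>/dev/null
}

DEMO_DIR=$(mktemp -d)
make_demo_pki "$DEMO_DIR"
for c in root.pem srv.pem; do
    echo "$c: $(cert_kind "$DEMO_DIR/$c"), notAfter year $(cert_expiry_year "$DEMO_DIR/$c")"
done
```

Run the same functions against the PEM file installed as the ClearPass HTTPS server certificate and against the root loaded on the switch; the server certificate should report `ca-issued` and `chains_to` should succeed.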



  • 4.  RE: DUR not downloaded | ssl error
    Best Answer

    Posted 13 days ago
    My error was that I had the switch listed within ClearPass with a wrong IP address...

    ------------------------------
    Michael
    ------------------------------