Wireless Access

I have a customer that uses Aruba Instant managed by Airwave and using Clearpass.  We are building a Clearpass Guest Self Registration portal and we have gotten to the point where we need to get certificates sorted out.  The certificates on Clearpass are handled but we have hit a hurdle on the certificate for the wireless (Instant) side.  

We are aware we need to generate a CSR outside of the instant platform however, all of the solutions we have found to generate the CSR will generate a CSR and a Private Key file just fine but we don't know what the passphrase is so we can't upload the certificate to Airwave for use on the Instant clusters.  

Is there something I am missing here or am I thinking about this all wrong?  Customer had a certificate issued based on a CSR that they generated with no Private Key file so we are going to need to re-key that cert but we are in a holding pattern until we can get this private key issue figured out.  Any suggestions?  Its amazing I haven't run into this before...but I expect to run into it more in the future.

Have you checked this thread: How do I generate a CSR from an Virtual Controller?

I have a customer that uses Aruba Instant managed by Airwave and using Clearpass.  We are building a Clearpass Guest Self Registration portal and we have gotten to the point where we need to get certificates sorted out.  The certificates on Clearpass are handled but we have hit a hurdle on the certificate for the wireless (Instant) side.  

We are aware we need to generate a CSR outside of the instant platform however, all of the solutions we have found to generate the CSR will generate a CSR and a Private Key file just fine but we don't know what the passphrase is so we can't upload the certificate to Airwave for use on the Instant clusters.  

Is there something I am missing here or am I thinking about this all wrong?  Customer had a certificate issued based on a CSR that they generated with no Private Key file so we are going to need to re-key that cert but we are in a holding pattern until we can get this private key issue figured out.  Any suggestions?  Its amazing I haven't run into this before...but I expect to run into it more in the future.

Yes, and that was the source of my sentence saying we were aware that the CSR needs to be generated outside of the Instant platform came from.  Our problem isn't in generating a CSR, its generating a CSR and a private key file where we know what the private key is so that we can upload it.

Have you checked this thread: How do I generate a CSR from an Virtual Controller?

I have a customer that uses Aruba Instant managed by Airwave and using Clearpass.  We are building a Clearpass Guest Self Registration portal and we have gotten to the point where we need to get certificates sorted out.  The certificates on Clearpass are handled but we have hit a hurdle on the certificate for the wireless (Instant) side.  

We are aware we need to generate a CSR outside of the instant platform however, all of the solutions we have found to generate the CSR will generate a CSR and a Private Key file just fine but we don't know what the passphrase is so we can't upload the certificate to Airwave for use on the Instant clusters.  

Is there something I am missing here or am I thinking about this all wrong?  Customer had a certificate issued based on a CSR that they generated with no Private Key file so we are going to need to re-key that cert but we are in a holding pattern until we can get this private key issue figured out.  Any suggestions?  Its amazing I haven't run into this before...but I expect to run into it more in the future.

Yes, and that was the source of my sentence saying we were aware that the CSR needs to be generated outside of the Instant platform came from.  Our problem isn't in generating a CSR, its generating a CSR and a private key file where we know what the private key is so that we can upload it.

Have you checked this thread: How do I generate a CSR from an Virtual Controller?

I have a customer that uses Aruba Instant managed by Airwave and using Clearpass.  We are building a Clearpass Guest Self Registration portal and we have gotten to the point where we need to get certificates sorted out.  The certificates on Clearpass are handled but we have hit a hurdle on the certificate for the wireless (Instant) side.  

We are aware we need to generate a CSR outside of the instant platform however, all of the solutions we have found to generate the CSR will generate a CSR and a Private Key file just fine but we don't know what the passphrase is so we can't upload the certificate to Airwave for use on the Instant clusters.  

Is there something I am missing here or am I thinking about this all wrong?  Customer had a certificate issued based on a CSR that they generated with no Private Key file so we are going to need to re-key that cert but we are in a holding pattern until we can get this private key issue figured out.  Any suggestions?  Its amazing I haven't run into this before...but I expect to run into it more in the future.

I would highly recommend using a separate program for creating the private key and CSR, openssl being the default to go to.

Example process: https://itigloo.com/security/generate-an-openssl-certificate-request-with-sha-256-signature/

Sometimes when you generate the private key, the key itself isn't stored in a secured manner so there isn't any password to deal with.  Problem with that is that any interface that doesn't make the key password optional is going to have issues. You can get around that challenge by either applying a password or repackaging the key and certificate into a PKCS#12 (PFX) format.

https://lindevs.com/add-password-to-private-key-using-openssl

https://langui.sh/2009/01/24/generating-a-pkcs12-pfx-via-openssl/

https://www.sslshopper.com/article-most-common-openssl-commands.html

https://spin.atomicobject.com/2014/05/12/openssl-commands/

Yes, and that was the source of my sentence saying we were aware that the CSR needs to be generated outside of the Instant platform came from.  Our problem isn't in generating a CSR, its generating a CSR and a private key file where we know what the private key is so that we can upload it.

Have you checked this thread: How do I generate a CSR from an Virtual Controller?

I have a customer that uses Aruba Instant managed by Airwave and using Clearpass.  We are building a Clearpass Guest Self Registration portal and we have gotten to the point where we need to get certificates sorted out.  The certificates on Clearpass are handled but we have hit a hurdle on the certificate for the wireless (Instant) side.  

We are aware we need to generate a CSR outside of the instant platform however, all of the solutions we have found to generate the CSR will generate a CSR and a Private Key file just fine but we don't know what the passphrase is so we can't upload the certificate to Airwave for use on the Instant clusters.  

Is there something I am missing here or am I thinking about this all wrong?  Customer had a certificate issued based on a CSR that they generated with no Private Key file so we are going to need to re-key that cert but we are in a holding pattern until we can get this private key issue figured out.  Any suggestions?  Its amazing I haven't run into this before...but I expect to run into it more in the future.