Security

 View Only
last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Certificate in Publisher/Subscriber model

This thread has been viewed 3 times

  • 1.  Certificate in Publisher/Subscriber model

    Posted Mar 19, 2019 05:57 PM

    I am learning some certificate basics in a stage environment prior to using them in a production environment.

    I current have 2 ClearPass PMs. One in a Publisher role and one in a Subscriber role. I have a VIP configured.

    Today I installed a new Radius Certificate on the Publisher. The certificate has SAN information for both the Publisher and Subscriber. The certificate CN is the FQDN of ip of the VIP.

     

    Do I need a cert for the publisher as well?



  • 2.  RE: Certificate in Publisher/Subscriber model
    Best Answer

    EMPLOYEE
    Posted Mar 19, 2019 05:59 PM
    You should install the same EAP server certificate on all nodes in the cluster. The EAP server cert does not need any SANs besides the CN value which should be a generic name (networklogin.yourdomain.com, etc).