Hi all,I am working with Clearpass for a while.
I always had the infrastructure done before I step in and now for the first time I need to make it all from scratch.I am having trouble understanding the certificate section on the initial setup.I did understand there is HTTPS certificate and Radius certificate.
Not sure what is the exact role of each one of them.
And if the https certificate has to be public?In addition, if I want to form a cluster, which certificate is needed? and does it mandatory to install it before forming the cluster?I would appreciate an answer and just a link to some guides because I already went through a lot of them.
Not sure what is the exact role of each one of them.HTTPS is used for the Web Admin interface of ClearPass and all Portals (Guest, Onboard, etc.). RADIUS is used for EAP/802.1X.
And if the https certificate has to be public?If you are doing guest portals where you do not control the endpoints yes. If not, then no. It could be an internal CA or self-signed.In addition, if I want to form a cluster, which certificate is needed? and does it mandatory to install it before forming the cluster?HTTPS is used. Along with the database certificate. You will be prompted when you form the cluster to trust the HTTPS certificate of the other node. I always make sure my Certificate Trust Lists and the actual Certificates on all cluster nodes are configured completely before joining together.
Hi Herman,Thank you for replying.
I did see the first video of the HTTPs certificate.About the RADIUS certificate, you suggest not using a public certificate.But I have a customer that doesn't have CA in the organization. My question is if it is possible to use the public certificate I used for the HTTPS? (if it is even possible) or it is better to use a self-signed certificate in this case for the RADIUS certificate?
Thank you for the detailed answer.I got some of it much better now.Can you tell me what exactly a database certificate means? I had never heard about this one before.About the radius certificate, do I need it for the endpoints in addition to the Clearpass? or in the nodes? switches/controllers?
This was very informative.
© Copyright 2023 Hewlett Packard Enterprise Development LPAll Rights Reserved.