Security

 View Only

  • 1.  Clearpass error private key required when uploading new certificate

    Posted Dec 13, 2023 12:39 PM

    Clearpass error private key required when uploading new certificate.

    I created the csr and used it to request new certificate, however I get the error above.

    Is there a way in the cli to extract the private key ?



    ------------------------------
    wayne curtis
    ------------------------------


  • 2.  RE: Clearpass error private key required when uploading new certificate

    Posted Dec 14, 2023 03:53 AM

    A certificate signing request created in ClearPass is valid for only 15 days. After 15 days, the CSR expires and the certificates that were created by it cannot be installed. Also note that the stored private key is removed 15 days after the certificate signing request was created. If you don't import the certificate within 15 days, you must create the CSR and certificate again.


    Original Message


  • 3.  RE: Clearpass error private key required when uploading new certificate

    Posted Dec 14, 2023 04:20 AM
    Edited by Herman Robers Dec 14, 2023 04:20 AM

    There is a known issue in some older 6.11 ClearPass versions where if you create a new CSR before the old one has completed and the certificate imported, the private key is mixed up between the different CSRs.

    Aruba Support can get the private key in a remote session in most cases. Another option is to create the CSR external to ClearPass and import the certificate + private key from that external source.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------

    Original Message


  • 4.  RE: Clearpass error private key required when uploading new certificate

    Posted Dec 19, 2023 04:35 AM

    The CSR was created and then the certificate was issued within 24 hours.

    I have a TAC case raised but the TAc Engineer is pushing for me to get a " chained Certificate".


    Original Message


  • 5.  RE: Clearpass error private key required when uploading new certificate

    Posted Dec 19, 2023 07:27 AM

    Then just chain it, if it isn't yet... If you have the certificate as PEM, just add the intermediate CA at the end, and see that it still works. The message for an unchained certificate with missing intermediates is different.

    Tell the TAC Engineer that this is a known issue with early ClearPass 6.11 versions, and let her/him search for the message and solution in similar cases. I know they can retrieve the private key from the support shell and (let you) combine it with the certificate you received to import it as key+cert. You can also ask for escalation.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------

    Original Message


Related Content