It depends on your CA issuer. Usually you have an option to add additional SAN entries into csr via provider interface before you sign it. Other option is to use OpenSSL to add additional SAN entries into csr before it's sent to CA. The third option would be to generate the certificate and private key via provider's interface and add required SAN fields during certificate creation. It really depend on the provider.
In Clearpass CA you have an option to add SAN fields via GUI in Onboarding module when you sign the certificate.
Original Message:
Sent: Aug 19, 2024 04:25 AM
From: Mithran
Subject: ClearPass Guest Certificate Renewal
Hi @jonas.hammarback , Thank you for the update. If we have multiple SAN names, how should we include them in the SAN name field of the Clearpass CSR?
Original Message:
Sent: Aug 16, 2024 09:55 AM
From: jonas.hammarback
Subject: ClearPass Guest Certificate Renewal
Hi
I assume you are referring to the https certificate in ClearPass?
If so you should pay attention to keep the same SAN names in the new certificate as this certificate is not only utilized for the https traffic for the guests when browsing the captive portal pages, but also the management access to the ClearPass server. If you are using Downloadable User Roles for switches or WLAN, you should also make sure to have the new certificate issued by the same root CA. If not you have to make sure your network infrastructure trust the new CA, or the Downloadable User Role download may stop working.
If all this is correct, changing the certificate is easy. After the new certificate has been installed it may take up to a few minutes before it has been applied fully.
Export the old certificate and keep as backup if you need to do a rollback.
------------------------------
Best Regards
Jonas Hammarbäck
MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
Original Message:
Sent: Aug 16, 2024 08:19 AM
From: Mithran
Subject: ClearPass Guest Certificate Renewal
We're updating the ClearPass guest certificate, and this is my first time handling it. This certificate is used for guest authentication. Besides importing the certificate, is there anything else I need to do? Any help would be appreciated!