Original Message:
Sent: Dec 01, 2023 02:48 AM
From: christian.chautems@swisscom.com
Subject: ClearPass GUI/Captive portal presenting EAP certificate
Hello,
Did you check the certificate that is presented with the Guest portal, is it not the HTTPS - ECC certificate.
If yes just disable it on all CPPM servers.
Kind regards
Christian
Original Message:
Sent: Nov 30, 2023 12:45 PM
From: Ropz
Subject: ClearPass GUI/Captive portal presenting EAP certificate
Edit :
> Just changed my EAP certificates with ones delivered by my own Enterprise PKI : same issue ; it still presents me an autosigned certificate when trying to access GUI
The autosign presented :
The https certificate :
The EAP certificate :
The Root/Intermediate Public ca in the trust List :
Dunno what to do more ?
Original Message:
Sent: Nov 30, 2023 11:45 AM
From: Ropz
Subject: ClearPass GUI/Captive portal presenting EAP certificate
Hi Community,
Sorry if this question has already been asked by someone else ;
I am facing a weird issue in my lab and had the same in one of my customers deployment :
> Got a cluster of 3 cppm servers
> Got EAP autosigned certificates (by default, didn't touch them)
> Got a public signed wildcard for https(rsa) certificate
> Got the root + intermediate public ca enabled and with role "other" in the trust list
> The dns resolution is working fine (for gui access and for captive portal)
But, when i'm trying to access the GUI of the servers (any of the 3 of them) of when i try to connect to my guest SSID, it seems that the server responds back with it's EAP autosigned certificate .... never presents me https(rsa) one
I tried to patch to version 6.11.6.x, same issue
I tried to clear the https certificate in CLI (command "system reset-server-certificate") and then re-import it : same issue
Anyone has a clue of why i get this behavior ?
Thanks for help !