Security

  • 1.  ClearPass HTTPS certificate

    Posted Dec 10, 2019 06:00 AM

    Hello,

    I've been reading the ClearPass Certificates 101 v1.2 guide and trying to set up HTTPS certs on our ClearPass cluster (Publisher and 3 subscribers).

    I generated a CSR on the publisher which used the VIP DNS name for the CN, and then in the SAN field I listed the 4 DNS names of the individual boxes, and their IP addresses (though actually it looks like the IP addresses haven't made it into the final certificate which I'm investigating with the issuer). The plan is to install the same cert on all the boxes.

    I have the new crt certificate file from our public CA and have successfully installed it on the publisher, but when I try to install it on the other boxes (from the publisher GUI) I get an error because the private key file isn't present on those boxes. I don't have the private key file, but is there a way to copy it from the publisher to the other boxes to avoid this problem? Or is there another solution?

    Thanks in advance,

    Guy



  • 2.  RE: ClearPass HTTPS certificate
    Best Answer

    Posted Dec 10, 2019 07:39 AM
    Not sure why that never works, but if you call TAC they will assist you with getting the private key from the shell.


  • 3.  RE: ClearPass HTTPS certificate

    Posted Dec 11, 2019 10:41 AM

    I had missed the obvious solution - on the Certificate Store page, once I had imported the new cert to the publisher, there is an option to export the cert, which produces a .p12 format file, so I did that and then I could import that file to the other controllers individually. Thanks.



  • 4.  RE: ClearPass HTTPS certificate

    Posted Jan 08, 2020 11:01 PM

    The private key is only available on the node where it was created. Any other operations require an export and import.
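
A pre-import check for the exported .p12 discussed in this thread, added here as an example and not taken from any of the posts or from Aruba documentation: it confirms that the bundle really contains the private key matching its certificate, and lists any SAN entries (such as the node IP addresses) that the issued certificate lacks. It assumes OpenSSL 1.1.1 or later on an admin workstation; the function names, host names, IP address and passphrase are hypothetical, and the passphrase is read from the `P12_PASS` environment variable so it does not appear on the command line.

```shell
# Added example; host names, IPs and the passphrase are constructed sample values.
# The PKCS#12 passphrase is read from the P12_PASS environment variable.

# Print the leaf certificate (PEM) held in a PKCS#12 file.
p12_cert() {
  openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null
}

# Read a PEM certificate on stdin; print its SAN entries one per line,
# normalised to the "DNS:name" / "IP:addr" form used in a CSR.
san_entries() {
  openssl x509 -noout -text | grep -A1 'Subject Alternative Name' |
    tail -n1 | tr ',' '\n' | sed 's/^ *//; s/^IP Address:/IP:/'
}

# Read a PEM certificate on stdin; print each expected SAN entry that is absent.
missing_sans() {
  have=$(san_entries)
  for want in "$@"; do
    printf '%s\n' "$have" | grep -qxF -- "$want" || echo "$want"
  done
}

# Succeed only if the PKCS#12 file holds a private key matching its certificate.
p12_has_matching_key() {
  cert_pub=$(p12_cert "$1" | openssl x509 -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
            openssl pkey -pubout 2>/dev/null)
  [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Build constructed test material in directory $1: a self-signed certificate whose
# SAN lists four node names but no IP addresses, a full .p12, and a cert-only .p12.
make_sample() {
  san='DNS:cp-pub.example.test,DNS:cp-sub1.example.test,DNS:cp-sub2.example.test,DNS:cp-sub3.example.test'
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=cp-vip.example.test' \
    -addext "subjectAltName=$san" -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
  openssl pkcs12 -export -in "$1/cert.pem" -inkey "$1/key.pem" \
    -passout env:P12_PASS -out "$1/full.p12" &&
  openssl pkcs12 -export -nokeys -in "$1/cert.pem" \
    -passout env:P12_PASS -out "$1/certonly.p12"
}
```

Since the exported .p12 carries the private key, treat the file and its passphrase as key material and delete the working copy once every node has imported it.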