Cedric, can you please open a TAC Support case for this? You are not the first to report this, and I tried multiple times to replicate the same in my lab but could not replicate. It just works here if I generate CSR, get it signed (through Windows CA, not public CA, but should not make a difference), and import in ClearPass.
There is a change though in ClearPass 6.11 that the private key for a CSR is not retained for a long period, but it should be in the range of a week or so. If it took a really long time, you could try again and then make sure that you import the certificate faster after generating the CSR.
Because it's not the first time I have heard this, it would be good if Aruba Support had a look at it, so that when the root cause is found it can be fixed in the product.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Feb 21, 2023 09:19 AM
From: dewced
Subject: Clearpass HTTPS ECC certificate import issues
Hi!
Anyone having trouble importing certificates in 6.11? I did it before in 6.10, but now it is such a hassle.
I created a CSR in ClearPass, passed that along to my provider Xolphin, and they returned with root/intermediate (Sectigo) and a CRT file.
I imported/enabled the root/intermediate, and tried to import my CRT but then it asks for a private key... But it said upon creating the CSR that the private key is stored in ClearPass?
Afterwards, I tried using OpenSSL, where I created the private key as a .key file and the CSR, and when importing the CRT & KEY files it says "Private Key Type not allowed for this particular Server Certificate". Also, that private key password: I didn't choose one in openssl.
Does anyone have an idea what is best to do?
Thanks!
Cedric
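
A pre-import check for the OpenSSL-generated key and the returned CRT described in the original message, as an added example that is not part of either post and is not Aruba tooling: it confirms that the private key and the certificate carry the same public key and reports the key algorithm. The helper function names are hypothetical, and the file names, the `clearpass.example.test` subject and the self-signed certificate are constructed sample data.

```shell
#!/bin/sh
# Added example: checks to run on a key/certificate pair before importing it.

# PEM public key derived from a private key file; $2 is the key passphrase
# (leave empty for an unencrypted key).
pub_from_key() {
    openssl pkey -in "$1" -passin "pass:${2:-}" -pubout 2>/dev/null
}

# PEM public key embedded in a certificate, re-encoded the same way.
pub_from_cert() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null |
        openssl pkey -pubin -pubout 2>/dev/null
}

# Algorithm of a PEM public key on stdin: "EC <curve>", "RSA" or "unknown".
pub_type() {
    text=$(openssl pkey -pubin -noout -text 2>/dev/null) || text=""
    case "$text" in
        *"ASN1 OID:"*) echo "EC $(printf '%s\n' "$text" | sed -n 's/^ *ASN1 OID: *//p')" ;;
        *[Mm]odulus:*) echo "RSA" ;;
        *) echo "unknown" ;;
    esac
}

# Succeeds only if both files parse and contain the same public key.
pair_matches() {
    k=$(pub_from_key "$1" "${3:-}") || return 2
    c=$(pub_from_cert "$2") || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Constructed sample data: EC P-256 key, CSR, self-signed cert, unrelated RSA key.
make_sample() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/server.key"
    openssl req -new -key "$1/server.key" -subj "/CN=clearpass.example.test" \
        -out "$1/server.csr"
    openssl x509 -req -in "$1/server.csr" -signkey "$1/server.key" -days 1 \
        -out "$1/server.crt" 2>/dev/null
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

tmp=$(mktemp -d)
make_sample "$tmp"
echo "key type:  $(pub_from_key "$tmp/server.key" | pub_type)"
echo "cert type: $(pub_from_cert "$tmp/server.crt" | pub_type)"
pair_matches "$tmp/server.key" "$tmp/server.crt" && echo "server.key matches server.crt"
pair_matches "$tmp/other.key" "$tmp/server.crt" || echo "other.key does not match server.crt"
rm -rf "$tmp"
```

With real files, a non-zero result from `pair_matches` means the certificate was issued for a different key than the one in the .key file, or that one of the files could not be parsed.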