  • 1.  Clearpass HTTPS ECC certificate import issues

    Posted Feb 21, 2023 09:20 AM

    Hi!

    Is anyone having trouble importing certificates in 6.11? I did it before in 6.10, but now it is such a hassle.

    I created a CSR in ClearPass, passed that along to my provider Xolphin, and they returned the root/intermediate (Sectigo) and a CRT file.
    I imported/enabled the root/intermediate and tried to import my CRT, but then it asks for a private key... But it said upon creating the CSR that the private key is stored in ClearPass?

    Afterwards, I tried using OpenSSL, where I created the private key as a .key file and a CSR, and when importing the CRT and KEY files it says "Private Key Type not allowed for this particular Server Certificate". Also, about that private key password: I didn't choose one in OpenSSL.

    Does anyone have an idea what is best to do?

    Thanks!

    Cedric
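
The OpenSSL route in the post above ends with a CRT and a .key file. Before importing such a pair it helps to confirm which key algorithm the certificate carries, whether the key file is passphrase-protected, and that the two belong together. The script below is an added example, not part of the thread or of ClearPass; the function names, file names and the KEY_PASS variable are assumptions, and the sample key and certificate are constructed.

```shell
#!/bin/sh
# Added example: checks on a certificate/private-key pair before import.
# Function names, file names and KEY_PASS are assumptions for illustration.

# Print the certificate's public key algorithm, e.g. id-ecPublicKey (ECC)
# or rsaEncryption (RSA).
cert_key_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1
}

# Succeed when the PEM private key file is passphrase-protected.
key_is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

# Succeed only when the key's public half equals the certificate's public key.
# The passphrase comes from the KEY_PASS environment variable, never from argv.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(KEY_PASS="${KEY_PASS:-}" openssl pkey -in "$2" \
        -passin env:KEY_PASS -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Write a passphrase-protected copy ($2) of an unprotected key ($1).
protect_key() {
    KEY_PASS="${KEY_PASS:?set KEY_PASS first}" \
        openssl pkey -in "$1" -aes256 -passout env:KEY_PASS -out "$2"
}

# Constructed sample: throwaway P-256 key and self-signed certificate in $1.
make_sample() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/server.key" &&
        openssl req -new -x509 -key "$1/server.key" -days 1 \
            -subj "/CN=clearpass.example.test" -out "$1/server.crt" 2>/dev/null
}
```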



  • 2.  RE: Clearpass HTTPS ECC certificate import issues

    Posted Feb 22, 2023 06:28 AM

    When importing the signed CSR you must select "Upload certificate and use Saved Private key".

    The passphrase field must not be left empty in the GUI. If you have not set a private key password then enter something so that there is a value in the field.



    ------------------------------
    Regards,

    Waldemar
    ACCX # 1377, ACEP, ACA - Network Security
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------



  • 3.  RE: Clearpass HTTPS ECC certificate import issues

    Posted Feb 22, 2023 06:36 AM

    I'm having the same issue importing the RADIUS certificate when I'm using a request. I used the saved private key, but it says I must include the private key file, and I don't have that option.




  • 4.  RE: Clearpass HTTPS ECC certificate import issues

    Posted Feb 22, 2023 06:52 AM

    There is no field for private key file when you select "Upload certificate and use Saved Private key".



    ------------------------------
    Regards,

    Waldemar
    ------------------------------



  • 5.  RE: Clearpass HTTPS ECC certificate import issues

    Posted Feb 24, 2023 04:23 AM

    Can you please open a TAC Support case for this? You are not the first to report this with CPPM 6.11, and I tried multiple times to replicate the same in my lab but could not replicate. It just works here if I generate CSR, get it signed (through Windows CA, not public CA, but should not make a difference), and import in ClearPass.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 6.  RE: Clearpass HTTPS ECC certificate import issues

    Posted Feb 24, 2023 04:22 AM

    Cedric, can you please open a TAC Support case for this? You are not the first to report this, and I tried multiple times to replicate the same in my lab but could not replicate. It just works here if I generate CSR, get it signed (through Windows CA, not public CA, but should not make a difference), and import in ClearPass.

    There is a change though in ClearPass 6.11 that the private key for a CSR is not retained for a long period, but it should be in the range of a week or so. If it took a really long time, you could try again and then make sure that you import the certificate faster after generating the CSR.

    Because it's not the first time I hear this, it would be good that Aruba Support has a look at it so when the root cause is found it can be fixed in the product.



    ------------------------------
    Herman Robers
    ------------------------------