Security

 View Only
  • 1.  Clearpass import certificate failed

    Posted Feb 22, 2023 05:44 AM

    hi, i'm about to import a radius server certificate.

    Made af certificate request and got it signed with a local pki ca as a webserver template.

    When i import it back in clearpass i get a "private key file must be specified" even when i made a request in the clearpass server.

    Any ideers?

    Morten



  • 2.  RE: Clearpass import certificate failed

    Posted Feb 22, 2023 06:22 AM

    Hi Morten

    Have you selected the option "Upload certificate and use saved private key"?

    How many days is it since you created the CSR? If it's longer time than the clean up intervall for information stored on the disk the CSR will be deleted. By default 7 days.

    In ClearPass 6.11 there are a new option to set a different value for CSR files, found under Cluster Wide parameters\Cleanup Intervalls.



    ------------------------------
    Best Regards
    Jonas Hammarbäck
    MVP 2023, ACCX #1335, ACMP, ACDP, ACP-Network Security, ACEP, ACSA
    Aranya AB
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------



  • 3.  RE: Clearpass import certificate failed

    Posted Feb 22, 2023 06:26 AM

    Hi.

    Im doing it by the book, using the use private saved keys, just made the request today 1 hour ago, is there a way to cleanup the saved keys manuel? the value is standard 15 days in 6.11.1.25xxxx

    mayby the request is hanging, so if i can cleanup the requests and make a new one

    mojo




  • 4.  RE: Clearpass import certificate failed

    Posted Feb 22, 2023 06:34 AM

    Hi

    I don't know if there is an option to clear the request manually.

    But I have seen other persons having issues on 6.11.

    https://community.arubanetworks.com/discussion/clearpass-https-ecc-certificate-import-issues#bmbac301c5-82f4-43e1-b73f-ea4d47cd0c7c

    I have not run into issues when requesting certificates for 6.11.



    ------------------------------
    Best Regards
    Jonas Hammarbäck
    MVP 2023, ACCX #1335, ACMP, ACDP, ACP-Network Security, ACEP, ACSA
    Aranya AB
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------



  • 5.  RE: Clearpass import certificate failed

    Posted Feb 22, 2023 08:55 AM

    Hi Morjo,

    Make sure that you import the certificate on the same ClearPass node your create the CSR. After import, export it as PKCS12 (including the privatekey) and import the same radius certificate at the second ClearPass node.

    I don't had any issues with 6.11.x. Please note the CSR is clean-up after 14-15days and iám not 100% sure what happens if you do a update/upgrade after the CSR is created. Manually delete the CSR is only possible from the CLI backend where only Aruba TAC Support have access to.

    If any issues you can try to create the CRS on a different linux system our system with OpenSSL installed on. And import to ClearPass an PKCS12 with includes the privatekey, cert, root-ca, root-intermediates. Otherwise contact Aruba TAC Support to assist you.



    ------------------------------
    Marcel Koedijk | MVP Expert 2022 | ACEP | ACMP | ACCP | ACDP | Ekahau ECSE | Not an HPE Employee | Opinions are my own
    ------------------------------



  • 6.  RE: Clearpass import certificate failed

    Posted Feb 22, 2023 12:41 PM

    Hi.

    Done it many times, its was a stanealone server (poc) and i it was on the import phase that failed, did a workaround, just made a csr on my computer and importet it, then i exportet it with private keys. Just trying to install a new clearpass home to see if i can replicate the error again, its my first standalone so mayby its there the issue is.