Security

Hi Team

I am getting the below error after I upgrade the CPPM from 6.11 version to 6.12.0 version. Is there anyone have a workaround to remove this error massage?

Thanks for your consistence! 

This seems to be something that happens if you disable the HTTPS(ECC) certificate and there are multiple RootCAs with the same name in the Trust store with the same name, like an updated Root CA from your public CA provider. ClearPass can in such a situation select the wrong Root/Intermediate CA.

Aruba TAC can assist you in this, but I've seen them replace the HTTPS certificate by a self-signed certificate (backup the original first), then remove the old/redundant root and intermediate CAs, then import the certificate again. Not sure if you have the same issue, so it may be advisable to work with TAC. This issue seems to pop up quite recent (but not only on 6.12), so the root cause (like a specific public CA's root change) may become clear in the future.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------

Original Message:
Sent: Feb 22, 2024 08:53 AM
From: marshall mwandingi
Subject: ClearPass IV Connector error

Hi Team

I am getting the below error after I upgrade the CPPM from 6.11 version to 6.12.0 version. Is there anyone have a workaround to remove this error massage?

Thanks for your consistence! 

Hello,

I had the same problem during one of my 6.11 upgrade.

It was an Intermediate trusted certificate that was missing (not imported) at rebuild time. Added the missing PEM and the error disappears

Kind regards

Christian Chautems

Original Message:
Sent: Feb 22, 2024 09:56 AM
From: Herman Robers
Subject: ClearPass IV Connector error

This seems to be something that happens if you disable the HTTPS(ECC) certificate and there are multiple RootCAs with the same name in the Trust store with the same name, like an updated Root CA from your public CA provider. ClearPass can in such a situation select the wrong Root/Intermediate CA.

Aruba TAC can assist you in this, but I've seen them replace the HTTPS certificate by a self-signed certificate (backup the original first), then remove the old/redundant root and intermediate CAs, then import the certificate again. Not sure if you have the same issue, so it may be advisable to work with TAC. This issue seems to pop up quite recent (but not only on 6.12), so the root cause (like a specific public CA's root change) may become clear in the future.

------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

Original Message:
Sent: Feb 22, 2024 08:53 AM
From: marshall mwandingi
Subject: ClearPass IV Connector error

Hi Team

I am getting the below error after I upgrade the CPPM from 6.11 version to 6.12.0 version. Is there anyone have a workaround to remove this error massage?

Thanks for your consistence!