View Only
last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

ClearPass /.well-know URL fails, is my cluster broken

This thread has been viewed 13 times
  • 1.  ClearPass /.well-know URL fails, is my cluster broken

    Posted May 31, 2022 03:51 AM
    I'm build out DUR roles on CX and CPPM and when I try to extract the well-know URL I get 404 error 

    (http://<clearpass- fqdn>/.well-known/aruba/clearpass/https-root.pem)

    What am I missing
    ClearPass Pub&Sub has a public cert, with the FQDN in the SAN name, 
    ClearPass Version is 6.10

    Do I need to raise a TAC case?

    Andrew Partridge

  • 2.  RE: ClearPass /.well-know URL fails, is my cluster broken

    Posted May 31, 2022 11:35 AM
    Could it be that you are on 6.10.0? Please upgrade to the latest 6.10 patch release as in the early versions that well-known URL worked only with ECC certificates, and the RSA certificate was available as https-root-rsa.pem. Later updates have fixed that in a way that if there is no ECC cert, that the RSA certificate is available on that URL.

    Adding -rsa in the URL would work as well, but there are some security fixes in the latest ClearPass version which should be a reason to upgrade anyway.

    Herman Robers
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

  • 3.  RE: ClearPass /.well-know URL fails, is my cluster broken

    Posted Jun 23, 2022 05:39 AM
    I was able to access the cert in Explorer in the end, and firefox.

    I am although I assume a browser issue and not a clearpass issue