View Only
last person joined: 17 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

database basic constraint

This thread has been viewed 25 times
  • 1.  database basic constraint

    Posted Aug 18, 2022 12:32 AM
    Dear All,

    in our development clearpass for testing later in production, we would like to upgrade clearpass from 6.8.6 to 6.10.6 version, 

    but when we tried to make subscriber, its failing, and we asume the database clearpass is invalid,

    we tried to upload each of database certificate to another node, but we get notification Database usage does not contain valid basic constraints,

    is there anything to fix this problem ?
    Database usage does not contain valid basic constraints




  • 2.  RE: database basic constraint

    Posted Aug 18, 2022 08:14 AM
    Looks like you imported the database certificate in the trust list; where you should import the Root (your Onboard CA).

    What might work is to change to self-signed certificates for the Database; or check this document about the database certificates.

    If that doesn't help, it may be good to work with Aruba Support to get these things done right.

    Herman Robers
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.

  • 3.  RE: database basic constraint

    Posted Aug 19, 2022 01:26 AM
    Dear Herman,

    here is the notification of error when i try to make subscriber

    we would like to upgrade 4 node C3000 at customer clearpass,

    but we would like to try it out first in vm,

    from this notification, just number 3 is not right, that license is eval and not activated,

    is that true if we would like to make cluster, license platform of clearpass should active ?



  • 4.  RE: database basic constraint

    Posted Aug 19, 2022 02:29 AM
    - update - 

    Dear Herman and all,

    i forgot to check on event viewer,

    that when we create CSR, on field CN should input IP of node clearpass,

    and i try to upload certificate again, then restart, then make subscriber again,

    and its done,

    thanks Herman and all