Security

 View Only
  • 1.  Error import pem certificate

    Posted Mar 13, 2023 05:06 AM
    Edited by athan Apr 04, 2023 10:34 AM

    Hi I get this error to import pem certificate 



  • 2.  RE: Error import pem certificate

    Posted Mar 13, 2023 08:15 AM
    Hi,

    You simply need to import a .p12 cert file.

    It is a file that contains the private key as well.

    If you are using the same cert for all radius/eap, https(rsa), radsec, database, then u can export one of them (choose export with password), then u will get the .p12 file.

    Import this .p12 file and choose the server cert type u want to replace, and re-enter the same password from previous step.

    Do not miss the private key password and it is recommended to put 16 characters of strong password criteria to it.

    Hope this helps.





  • 3.  RE: Error import pem certificate

    Posted Mar 13, 2023 08:18 AM
    Or,

    you simply need to choose the first option and import it. ClearPass will use the stored private key file that was generated when u created the CSR. This way u dont need to enter any password.

    Then if u want to use same cert for any other type of server cert, follow my previous reply.






  • 4.  RE: Error import pem certificate

    Posted Mar 13, 2023 09:07 AM

    Hi how I import from pem to .p12 file 

    I dont use the same certificate for radius or HTTP ....




  • 5.  RE: Error import pem certificate

    Posted Mar 15, 2023 07:47 AM

    In what format do you have your private key, certificate, and intermedate certificates available? How did you generate or request the certificate?

    .p12 / PKCS#12 is a different binary file format, which includes the certificate and private key and is password protected.

    .pem is a text file which can have just the certificate, just a private key, other certificates (like the intermediate), or a combination.

    Depending on how you requested the certificate and which components you have, another approach may be needed.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 6.  RE: Error import pem certificate

    Posted Mar 16, 2023 05:25 AM

    Hello, thanks for the response


    his certificate is for an HTTPS web for guest user .
    One of the two guest portals on his  campus is located in the clear pass.
    For this reason, I informed him that his  would require a certificate

    He asks for a certifate Crt format .
     when he tries to put on the clears pass he gets  a mistake.
    I informed him that he would have to make a certificate.
    pem, but the error remains the same.
    I apologize if this post is not sufficiently clear; I occasionally have trouble understanding the certificates. 




  • 7.  RE: Error import pem certificate

    Posted Mar 16, 2023 05:33 AM

    Hi

    As mentioned before the certificate must be installed with the corresponding private key.

    A crt file does not contain the private key. For this you need a pfx or p12 certificate file containing both the certificate and the private key.

    Or a private key in a separate file that match the certificate public key.



    ------------------------------
    Best Regards
    Jonas Hammarbäck
    MVP 2023, ACCX #1335, ACMP, ACDP, ACP-Network Security, ACEP, ACSA
    Aranya AB
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------



  • 8.  RE: Error import pem certificate

    Posted Mar 16, 2023 07:05 AM

    I get that some people have difficulties understanding certificates and how to work with them. In that case, I would strongly recommend to work with your Aruba Partner, Aruba Support or someone who has experience with certificates and the concepts like private keys, certificate chains, etc.

    BTW, a .crt file is the same as a .pem file. You can just rename the file to the desired extension. Still you need to understand what you do as well you need a private key that matches the certificate either in the ClearPass server if you generated the CSR there, or in another pem file, or in the same PKCS#12 .p12 file.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------