Security

 View Only
last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

HTTPS Wild Card Cert

This thread has been viewed 46 times
  • 1.  HTTPS Wild Card Cert

    Posted Apr 03, 2023 04:17 PM

    Hello,

    ClearPass doesn't support generating CSR with wild card. How do we generate a CSR from ClearPass in-order to get a wild card cert from public CA? How is the CN should look like?

    Thanks,
    Ali Yassine



  • 2.  RE: HTTPS Wild Card Cert

    Posted Apr 04, 2023 10:36 AM

    You can get the CSR from anywhere, or even have it generated by your public CA which many have tools for generating keys and CSRs. No need to request if from ClearPass.

    For a wildcard, the CN would be *.yourdomain-or-subdomain.tld and the first SAN would be DNS:*.yourdomain-or-subdomain.tld; but many public CAs will replace whatever you put in your CSR to what you order with them.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 3.  RE: HTTPS Wild Card Cert

    Posted Apr 04, 2023 03:07 PM

    Hello Herman,

    I do appreciate your reply! 

    let us say i generate a csr from clearpass where The CN would be  cppm.yourdomain-or-subdomain.tld Then the Public CA can replace it to *.yourdomain-or-subdomain.tld?

    Thanks,
    Ali Yassine




  • 4.  RE: HTTPS Wild Card Cert

    Posted Apr 05, 2023 02:57 AM

    That depends a bit on the CA, but many of them will ignore what is in the CSR and allow you to override with the name you are ordering a certificate for.
    I would recommend creating the keys and CSR with another tool, like OpenSSL or the tool your Public CA offers, as if the CSR matches what you order, chances are even better that everything goes smoothly. Import the externally generated key + signed cert in that case into ClearPass.



    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------



  • 5.  RE: HTTPS Wild Card Cert

    Posted Apr 05, 2023 08:37 AM

    Thanks for the clear instructions and support!