"Private key is not specified" when importing RADIUS/EAP Certificate with CSR created on ClearPass 6.11.1

  • 1.  "Private key is not specified" when importing RADIUS/EAP Certificate with CSR created on ClearPass 6.11.1

    Posted Feb 28, 2023 01:54 PM

    Hello Airheads Community,

    After upgrading the CPPM in our CLABV environment (we use it for testing) from 6.10.7 to 6.11.1, following the CPPM 6.11 Installation Guide, I imported the backup from my CPPM 6.10.7 and it imported successfully.

    When generating a new CSR with the information in the attachment, I was able to create the certificate successfully in our internal CA (Server 2012 R2 AD CS).

    But when importing the certificate, I'm receiving the message "Private Key File must be specified", as can be seen in the attachment. I requested the certificate the same way I did with ClearPass 6.10 in the past, but now it's not working. I can see that the CSR matches the certificate, as can be seen below:

    % openssl rsa -noout -modulus -in certnew.cer | openssl md5
    MD5(stdin)= d41d8cd98f00b204e9800998ecf8427e
    % openssl rsa -noout -modulus -in CertSignRequest.csr | openssl md5 
    MD5(stdin)= d41d8cd98f00b204e9800998ecf8427e

    I also found at least two users who seem to be facing the same issue, so it looks like a bug report to me:

    We were able to create a CSR and import the RADIUS/EAP certificate for another client in a production environment running ClearPass 6.11.0, so I believe it's an issue related to ClearPass 6.11.1.

    I found two workarounds for this issue:

    1. If you still have access to the older ClearPass server and it still has a valid certificate, you can export the RADIUS/EAP certificate and import it into the newer one.

    2. If you're deploying a new server, you can create a new CSR using OpenSSL or a GUI-like tool (e.g. XCA), request the CSR using ADCS and import its certificate and private key into ClearPass.
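
The check quoted in the first post, redone as an added example (not part of the original post and not an Aruba tool): `openssl rsa` only reads private keys, so on a certificate or CSR it writes nothing to stdout, and `d41d8cd98f00b204e9800998ecf8427e` is the MD5 of empty input. The functions below, whose names are hypothetical, extract the public key with the subcommand that matches each file type, fail when a file does not parse, and compare SHA-256 fingerprints.

```bash
#!/usr/bin/env bash
# Added example: confirm that a certificate, its CSR and (optionally) a
# private key all carry the same public key. Function names are hypothetical.

pubkey_fp() {  # $1 = cert|csr|key, $2 = file; prints SHA-256 of the public key
    local pub
    case "$1" in
        # AD CS can hand back DER (.cer), so retry as DER if PEM parsing fails
        cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null ||
                    openssl x509 -inform DER -in "$2" -noout -pubkey 2>/dev/null) ;;
        csr)  pub=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        key)  pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    # Empty output means the file is not of the stated type: never hash it,
    # or two failed parses would produce identical digests
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 -r | cut -d' ' -f1
}

same_keypair() {  # $1 = certificate, $2 = CSR, $3 = private key (optional)
    local c r k
    c=$(pubkey_fp cert "$1") || { echo "cannot parse certificate: $1" >&2; return 2; }
    r=$(pubkey_fp csr  "$2") || { echo "cannot parse CSR: $2" >&2; return 2; }
    [ "$c" = "$r" ] || { echo "MISMATCH: certificate vs CSR" >&2; return 1; }
    if [ -n "${3:-}" ]; then
        k=$(pubkey_fp key "$3") || { echo "cannot parse private key: $3" >&2; return 2; }
        [ "$c" = "$k" ] || { echo "MISMATCH: certificate vs private key" >&2; return 1; }
    fi
    echo "match: $c"
}

# Usage: ./check.sh certnew.cer CertSignRequest.csr [private.key]
if [ "$#" -ge 2 ]; then
    same_keypair "$@"
fi
```

Exit status 0 means the files share one key pair, 1 means a mismatch, and 2 means a file could not be parsed as the type given.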



  • 2.  RE: "Private key is not specified" when importing RADIUS/EAP Certificate with CSR created on ClearPass 6.11.1

    Posted Mar 06, 2023 07:25 AM

    Herman sent me a private message instructing me to exceptionally open a TAC case to troubleshoot this issue on our CLABV environment. I intend to update this thread as soon as I receive a definitive response from the TAC team.




  • 3.  RE: "Private key is not specified" when importing RADIUS/EAP Certificate with CSR created on ClearPass 6.11.1

    Posted Apr 19, 2023 11:27 AM

    I encountered the same issue. TAC were able to pull the private key from the ClearPass CLI. Then they sent me a file with a .pkey extension, which solved the problem.