  • 1.  Private Key

    Posted Jul 02, 2019 12:15 PM

    Hello,

    Is there a way to extract the private key used for a CA-signed cert off of ClearPass? We are using ClearPass v6.6 and I have the encrypted private key file and the key to decrypt used when generating the CSR. I need to get the private key out to use for some SSL inspection on an edge firewall.

    Thanks

    Ryan



  • 2.  RE: Private Key

    Posted Jul 02, 2019 12:51 PM
    Are you using Onboard?


  • 3.  RE: Private Key

    Posted Jul 03, 2019 06:26 AM

    Hi there, no, we are not using Onboard.



  • 4.  RE: Private Key

    Posted Jul 03, 2019 08:25 AM
    So what private key are you trying to export?


  • 5.  RE: Private Key

    Posted Jul 03, 2019 09:04 AM

    I generated a CSR for an HTTPS certificate for when customers browse to CPPM for Guest registration. As part of this I obtained an encrypted private key file and set a password to use (I assume to decrypt the private key file). I received the signed certificate from the CA and installed it, providing the encrypted private key file and password. The certificate installed fine.

    What I want to do, though, is some testing around SSL inspection, so I want to access the CPPM Guest registration externally via a firewall and have the firewall SSL-inspect the inbound connection to CPPM. For this to work it needs to decrypt the session, so to do this I need the signed CA cert and the private key to install on the firewall; it can then decrypt (private key), inspect and re-encrypt (public key in CA cert) and pass on to CPPM. So I need the private key from the public/private key pair generated as part of generating the CSR.

    Thanks



  • 6.  RE: Private Key

    Posted Jul 03, 2019 09:12 AM
    Click export and you’ll get both.


  • 7.  RE: Private Key

    Posted Jul 03, 2019 09:26 AM

    Thanks, I have done this already but it still shows the private key in encrypted format!

    -----BEGIN ENCRYPTED PRIVATE KEY-----
    xx
    xx
    xx
    xx
    -----END ENCRYPTED PRIVATE KEY-----

    Unless this is not the case and it is the actual private key?



  • 8.  RE: Private Key

    Posted Jul 03, 2019 09:32 AM
    You’d need to decrypt the private key with the secret you defined during generation.


  • 9.  RE: Private Key

    Posted Jul 03, 2019 09:36 AM

    OK, so this is not some CPPM proprietary encryption; I can use OpenSSL or something similar?



  • 10.  RE: Private Key
    Best Answer

    Posted Jul 03, 2019 09:38 AM
    Correct.


  • 11.  RE: Private Key

    Posted Jul 03, 2019 09:40 AM

    OK, that's great, thanks Tim.

    Will give this a go.

    Ryan
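
The decryption step the thread settles on, as an added example that is not part of the original posts or of ClearPass itself: a `-----BEGIN ENCRYPTED PRIVATE KEY-----` file is standard PKCS#8, so OpenSSL can decrypt it with the passphrase set at CSR time, and the result should be checked against the certificate before it goes anywhere else. The file names, host name, passphrase and the `KEY_PASS` variable are constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example. File names, host name, passphrase and KEY_PASS are constructed.

# decrypt_key ENC_KEY OUT_KEY
# Reads the passphrase from $KEY_PASS (kept out of the argument list) and
# writes the plaintext key with owner-only permissions.
decrypt_key() {
    ( umask 077
      openssl pkey -in "$1" -passin env:KEY_PASS -out "$2" 2>/dev/null ) ||
        { rm -f "$2"; return 1; }
}

# key_matches_cert PLAIN_KEY CERT
# Succeeds only if the key's public half equals the certificate's public key.
key_matches_cert() {
    from_key=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    from_cert=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$from_key" ] && [ "$from_key" = "$from_cert" ]
}

# demo: build a throwaway encrypted key and self-signed cert, then run both checks.
demo() {
    d=$(mktemp -d) || return 1
    KEY_PASS='constructed-demo-passphrase'; export KEY_PASS
    openssl req -x509 -newkey rsa:2048 -days 1 -subj '/CN=guest.example.test' \
        -passout env:KEY_PASS -keyout "$d/enc.key" -out "$d/cert.pem" 2>/dev/null &&
    grep -q 'BEGIN ENCRYPTED PRIVATE KEY' "$d/enc.key" &&
    decrypt_key "$d/enc.key" "$d/plain.key" &&
    grep -q 'BEGIN PRIVATE KEY' "$d/plain.key" &&
    key_matches_cert "$d/plain.key" "$d/cert.pem"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

demo && echo "decrypted key matches certificate"
```

On a real export, set `KEY_PASS` to the passphrase chosen when the CSR was generated, point `decrypt_key` at the exported key file, and run `key_matches_cert` against the CA-signed certificate before importing either onto the firewall. Delete the plaintext copy once the import is done.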