I would recommend generating your CSRs offline, if you have the capabilities and knowledge (openssl or other tooling). That would make it much easier to back up/store the private key and then import key+certificate into multiple ClearPass servers.
Having said that, if you were able to generate key and CSR, get it signed and imported in the publisher (or other node where you generated the CSR), you can export it (make sure a password is provided to export the private key with it); then import the p12 as PKCS#12 with key and certificate in one. Once you have exported the p12, you can back it up as well.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Nov 07, 2024 10:32 AM
From: StfObs
Subject: Unable to import a Server Certificate into ClearPass
Hi,
Same issue in 6.11: when I try to import a certificate on a subscriber (for EAP and HTTPS), the private key is asked for.
If my understanding is correct, the private key is located on the server which makes the CSR, so my questions are:
- How can we deploy a wildcard certificate created from a CSR on the Pub on all other nodes, as they don't have the private key stored locally?
- Same question with EAP/RADIUS, which must be the same on all nodes.
Do I need to recreate a CSR for each node from the Pub with the CN of each node?
Brgds
Original Message:
Sent: Jun 24, 2023 12:32 PM
From: admaruba
Subject: Unable to import a Server Certificate into ClearPass
Hey all, just resolved the issue; to be honest, it's quite funny.
First things first: in my DC that acts as a DNS I created a static A record that resolves to my ClearPass server (cppm1-pub - 10.0.1.xxx).
The second thing: I have verified that the NTP in the server and in the CPPM is synced (I have edited the registry in the DC to point to an NTP pool address instead of the Windows time server).
Then I created a CSR, and on the Windows cert srv (the one that is accessible via the web page http://x.x.x.x/certsrv) I have signed the HTTPS certificate with the certificate template of a web server.
After that the certificate was uploaded without any problems.
Always check your DNS / NTP configuration.
Original Message:
Sent: May 09, 2023 10:30 AM
From: Kevinsmith6
Subject: Unable to import a Server Certificate into ClearPass
Hi
I have also run into the same issue on 6.11.1 - did you hear back from TAC with a fix?
Thanks
Kevin
Original Message:
Sent: May 02, 2023 10:57 AM
From: jonas.hammarback
Subject: Unable to import a Server Certificate into ClearPass
Hi
I have just run into the same issue, on ClearPass 6.11.2, where we can't import the certificate on the server.
Instead of troubleshooting the issue we created a new certificate request outside ClearPass and imported the certificate and private keys as separate PEM files instead.
------------------------------
Best Regards
Jonas Hammarbäck
MVP 2023, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACDP , ACEP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or mark as solution
Original Message:
Sent: Jan 30, 2023 06:32 PM
From: ask74
Subject: Unable to import a Server Certificate into ClearPass
Hello there
I'm trying to follow the "Obtaining and Installing a Signed Certificate From Active Directory" article for CPPM v 6.11; however, I'm having an issue when I try to import a Server Certificate into ClearPass, and it keeps showing "Private Key File must be specified".
When I try to download the CSR, it doesn't download the private key (as with older versions of CPPM). It says that the private key is stored in the system.
I don't know where I can specify the Private Key file.
I can't find any recent documents that explain importing a Server Certificate into ClearPass for CPPM v 6.11.
Can anyone help me to resolve this issue: "Private Key File must be specified"?
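
The offline route recommended in the first reply and used by jonas.hammarback (key and CSR created outside ClearPass, then the same key and certificate imported on every node), as an added example that is not part of any post in this thread. It assumes OpenSSL 1.1.1 or later; the file names, host names, the throwaway test CA and the `P12_PASS` variable are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Aruba/ClearPass code. Names, hosts and the P12_PASS variable
# are constructed placeholders. Assumes OpenSSL 1.1.1 or later on an offline host.

# make_csr DIR CN SAN [SAN...]: create the private key and CSR outside ClearPass.
make_csr() (
  dir=$1; cn=$2; shift 2
  umask 077   # key is written unencrypted (-nodes): restrict it to the owner
  san=$(printf 'DNS:%s,' "$@"); san=${san%,}
  printf 'subjectAltName=%s\n' "$san" > "$dir/san.ext"
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
    -addext "subjectAltName=$san" \
    -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
)

# sign_with_test_ca DIR: throwaway CA so the example runs end to end. In real use
# the CSR goes to your own CA and only server.crt and the CA chain come back.
sign_with_test_ca() (
  dir=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null &&
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -days 1 -extfile "$dir/san.ext" -out "$dir/server.crt" 2>/dev/null
)

# key_matches_cert KEY CERT: succeed only if both carry the same public key.
key_matches_cert() (
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null)
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
  [ -n "$k" ] && [ "$k" = "$c" ]
)

# make_p12 DIR: bundle key, certificate and chain; passphrase comes from $P12_PASS.
make_p12() (
  dir=$1
  umask 077
  key_matches_cert "$dir/server.key" "$dir/server.crt" ||
    { echo "certificate does not match private key" >&2; exit 1; }
  openssl pkcs12 -export -inkey "$dir/server.key" -in "$dir/server.crt" \
    -certfile "$dir/ca.crt" -name server -passout env:P12_PASS -out "$dir/server.p12"
)

# p12_has_key FILE: confirm the bundle really contains a private key before import.
p12_has_key() (
  openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
    grep -q 'PRIVATE KEY'
)
```

Quote the wildcard name when calling `make_csr` (for example `make_csr ./out '*.example.test' '*.example.test'`) so the shell does not expand it.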