I just tried the same with ClearPass 6.11 (HTTPS instead of EAP though), and that just works with the saved private key. Please make sure that the server and the type of certificate match between the CSR and import (Server Certificate / RADIUS/EAP Server Certificate).
If it doesn't work, please reach out to Aruba Support as they can check what is happening here, fix your issue, and either clarify the documentation or get a bug filed.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Jan 31, 2023 07:14 AM
From: lord
Subject: Unable to import a Server Certificate into ClearPass
When creating the CSR, the private key does not leave the CPPM, it is stored locally for 15 days, after which it is deleted, as described here.
When importing the signed CSR, the upload method "Upload Certifikate and Use Saved Private Key" must be selected, as described here.
If you want to install another certificate after creating the CSR, the stored private key will be deleted.
------------------------------
Regards,
Waldemar
ACCX # 1377, ACEP, ACA - Network Security
If you find my answer useful, consider giving kudos and/or mark as solution
Original Message:
Sent: Jan 31, 2023 03:40 AM
From: ask74
Subject: Unable to import a Server Certificate into ClearPass
Thanks for your reply.
Yes, I used CSR for this. However, if I'm going to specify the private key password (same in CSR process & the one when I import it in ClearPass) it requires to upload the private key file as shown here :
Where can I find this private key file if it's sorted in the system when I download CSR ?
Also, if I change the upload method to use "Upload Certificate and Use Saved Private Key" it gives me this error :
Original Message:
Sent: Jan 30, 2023 06:47 PM
From: ariyap
Subject: Unable to import a Server Certificate into ClearPass
so did you use CSR for this? in the CSR you need to type in a private key.
Then when your AD CA signs it , you need to export that and then import it in ClearPass
and for this you should use the same private key that you specified in CSR process.
------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
Original Message:
Sent: Jan 30, 2023 06:32 PM
From: ask74
Subject: Unable to import a Server Certificate into ClearPass
Hello there
I'm trying to follow this Obtaining and Installing a Signed Certificate From Active Directory article for CPPM v 6.11, however, I'm having issue when I try to import
a Server Certificate into ClearPass, and it keeps showing | Private Key File must be specified |
When I try to download CSR, it doesn't download the private keys (as with older version of CPPM). It says that Private keys is stored in the system
I don't know where can I specify the Private Key file
I can't find any recent documents that explain importing a Server Certificate into ClearPass for CPPM v 6.11.
Can anyone help me to resolve this issue | Private Key File must be specified |