Network Management

Reply
Occasional Contributor II

CPPM 6.7 Clusterwide Certificate install

Hi all,

 

After reading the Clearpass 6.7 deployment guide and other associated documents, installing  a Public Certificate cluster wide is as clear as mud.

 

With previous versions of clearpass when creating a CSR you could download both the CSR and the private key, this would then allow the created certificate file to be imported along with the private key to all cluster members.

 

CPPM 6.7 does not seem to allow the export of the private key therefore the question is, if a CSR is created on the cluster master and the subsequent ceritificate is imported to the cluster master does this replicate cluster wide? or is there an alternate methodology for 6.7?

 

Many thanks

 

Dave

Re: CPPM 6.7 Clusterwide Certificate install

Create the CSR on another machine. Then you have the CSR and private key.

E.g. use openssl on your computer to generate the CSR and private key.

Check here for the commands to use. https://www.sslshopper.com/article-most-common-openssl-commands.html


Cheers
James
----------------------------------------------------------------------
--------------------------@whereisjrw--------------------------
---------------------------------blog-------------------------------
ACCX #540 | ACMX #353 | ACDX #216 | AMFX #11
----------------------------------------------------------------------
----------------------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Occasional Contributor II

Re: CPPM 6.7 Clusterwide Certificate install

HI James,

 

Thanks for that swift reply, makes perfect sense! & very helpful

 

Thanks again

 

Dave

Re: CPPM 6.7 Clusterwide Certificate install

Hi,

No problem. Bookmark that openssl guide! It's great one.


Cheers
James
----------------------------------------------------------------------
--------------------------@whereisjrw--------------------------
---------------------------------blog-------------------------------
ACCX #540 | ACMX #353 | ACDX #216 | AMFX #11
----------------------------------------------------------------------
----------------------------------------------------------------------

If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
Guru Elite

Re: CPPM 6.7 Clusterwide Certificate install

Just to be clear, the private key can be exported after installing the signed certificate. There is no need to have access to the private key before that.

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: CPPM 6.7 Clusterwide Certificate install

Hi,

 

Just to be clear does that mean we can export it as pkcs#12 then directly import to the other cluster members?

 

thanks

 

Dave

Occasional Contributor II

Re: CPPM 6.7 Clusterwide Certificate install

I have my signed request, CP 6.7 complains that I need to the private key when trying to import they signed cert. What am I missing here? Any help would be appreciated, TAC was not able to help me today on this subject matter. They advised that I need to go back to GoDaddy and ask for a different certificate. I have the bundled .crt file. 

 

Thanks

Aruba Employee

Re: CPPM 6.7 Clusterwide Certificate install

Yes.

 

"Just to be clear does that mean we can export it as pkcs#12 then directly import to the other cluster members?"


Thank you,
Saravanan Rajagopal

**Did something you read in the Community solve a problem for you? If so, click "Accept as Solution" in the post.
Aruba Employee

Re: CPPM 6.7 Clusterwide Certificate install

Where did you generate the CSR?

"I have my signed request, CP 6.7 complains that I need to the private key when trying to import they signed cert. What am I missing here? Any help would be appreciated, TAC was not able to help me today on this subject matter. They advised that I need to go back to GoDaddy and ask for a different certificate. I have the bundled .crt file." 


Thank you,
Saravanan Rajagopal

**Did something you read in the Community solve a problem for you? If so, click "Accept as Solution" in the post.
Occasional Contributor II

Re: CPPM 6.7 Clusterwide Certificate install

Same day as receiving the signed cert. last week sometime.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: