Be careful with expired certificates

If you do some testing in our production ClearPass, be sure not to have expired RADIUS service certificates. We had one just expire (meant to fix it next week as it was for a new service I was testing on) and this caused our whole CPPM cluster to fail. Might have been because I was adding a new subscriber, which might have done a refresh for the RADIUS service.

On all our CPPM servers the RADIUS service stopped and didn't start.

The problem was that the RADIUS service certificate mapped to a service under Authentication -> Service Certificate expired. After we switched it to a valid certificate everything started working again.

This was on 6.8.2.

(btw, is it possible to update subscribers first to a newer version and only after that the publisher?)

Guru Elite

Re: Be careful with expired certificates

It is well known that if the RADIUS certificate expires, the RADIUS service stops: https://community.arubanetworks.com/t5/Security/CPPM-RADIUS-cert/td-p/271086

You can also configure ClearPass to alert you via email when this happens: https://community.arubanetworks.com/t5/Security/Radius-Certificate-Expiration-Alert/m-p/552596#M45658


*Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba Networks or Hewlett Packard Enterprise.*

Re: Be careful with expired certificates

Wonder if this is mentioned in the manuals? Of course it's my fault for not updating the certificate, but for future reference I'd like to check if there are other similar things that I should be aware of.

Now the expired certificate issue is very well known to us too.
