Security

last person joined: 12 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Be careful with expired certificates

This thread has been viewed 13 times

  • 1.  Be careful with expired certificates

    Posted May 23, 2020 07:27 AM

    If you do some testing in our production ClearPass, be sure not to have expired RADIUS service certificates. We had one just expire (meant to fix it next week as it was for new service I was testing on) and this caused our whole CPPM cluster to fail. Might have been because I was adding a new subscriber which might have done a refresh for the RADIUS service.

     

    In all our CPPM servers RADIUS service stopped and didn't start. 

     

    Problem was that the RADIUS service certificate mapped to a service under Authentication -> Service Certificate expired. After we switched it to a valid certificate everything started working again.

     

    This was on 6.8.2

     

    (btw is it possible to update subscribers first to a newer version and only after that the publisher?)



  • 2.  RE: Be careful with expired certificates

    EMPLOYEE
    Posted May 23, 2020 07:31 AM

    It is well known that if the radius certificate expires the radius service stops: https://community.arubanetworks.com/t5/Security/CPPM-RADIUS-cert/td-p/271086

     

    You can also configure clearpass to alert you via email when this happens:  https://community.arubanetworks.com/t5/Security/Radius-Certificate-Expiration-Alert/m-p/552596#M45658



  • 3.  RE: Be careful with expired certificates

    Posted May 23, 2020 07:33 AM

    Wonder if this mentioned in the manuals? Of course it's my fault for not updating the certificate, but for future reference I'd like to check if there are other similar things that I should be aware of.

     

    Now the expired certificate issue is very well known to us too