Security

Hi I have few questions,

 

I am building network for client demo and want to show him downloadable roles with (QoS, ACL and so on) from Clearpass.

 

 

I have evaluation CLearpass server with self signed  https certificate, Wired Policy Enforcement guide says that I need to install clearpass root ssl certificate to swtich trusted anchors repository.

 

I downloaded Clearpass self signed SSL certificate root from web browser and try to push it to switch over tftp, but switch do not accept it,

 

I tried all certificate types : der, base-64, pem, p7b but it only says that

 

"Aruba-2930F-8G-PoEP-2SFPP# copy tftp ta-certificate DEMO 192.168.77.92 DEMO.crt

000M Transfer is successful
Invalid Trust Anchor certificate.
Aruba-2930F-8G-PoEP-2SFPP# Invalid Trust Anchor certificate"

 

 

 

Can someone  explain whhat I am doing wrong?

 

 

 

 

 

 

 

Self-signed certificates are not supported.

So for Clearpass downloadable roles demo deplyoment I need to buy public SSL certificate? Really?

Non self-signed != Public

It can be from an internal PKI or ClearPass itself, however, it is very rare to not have a public HTTPS cert for ClearPass as it is require for many functions.

You don't have to buy certificate for the demo or production. Public cert s are good for hotspot or onboard. For radius you can make certificate request from clearpass and sign it with your internal cert server. it worked for me.

I had the same issue, the following worked for me.

I went to Administration>Certificates>Trust list, clicked on cert with subject "Aruba Networks Trusted Computing Root CA", enabled it, exported to TFTP, then copied to switch. The switch took it.

Clearpass version 6.9