Security

Upcoming community maintenance Oct. 27th through Oct. 29th
For more info click here
Reply
Highlighted
Frequent Contributor I

CLearpass Downloadable roles with Aruba 2930f switch

Hi I have few questions,

 

I am building network for client demo and want to show him downloadable roles with (QoS, ACL and so on) from Clearpass.

 

 

I have evaluation CLearpass server with self signed  https certificate, Wired Policy Enforcement guide says that I need to install clearpass root ssl certificate to swtich trusted anchors repository.

 

I downloaded Clearpass self signed SSL certificate root from web browser and try to push it to switch over tftp, but switch do not accept it,

 

I tried all certificate types : der, base-64, pem, p7b but it only says that

 

"Aruba-2930F-8G-PoEP-2SFPP# copy tftp ta-certificate DEMO 192.168.77.92 DEMO.crt

000M Transfer is successful
Invalid Trust Anchor certificate.
Aruba-2930F-8G-PoEP-2SFPP# Invalid Trust Anchor certificate"

 

 

 

Can someone  explain whhat I am doing wrong?

 

 

 

 

 

 

 

Highlighted
Moderator

Re: CLearpass Downloadable roles with Aruba 2930f switch

Self-signed certificates are not supported.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
Frequent Contributor I

Re: CLearpass Downloadable roles with Aruba 2930f switch

So for Clearpass downloadable roles demo deplyoment I need to buy public SSL certificate? Really?

Highlighted
Moderator

Re: CLearpass Downloadable roles with Aruba 2930f switch

Non self-signed != Public

It can be from an internal PKI or ClearPass itself, however, it is very rare to not have a public HTTPS cert for ClearPass as it is require for many functions.


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
Occasional Contributor I

Re: CLearpass Downloadable roles with Aruba 2930f switch

You don't have to buy certificate for the demo or production. Public cert s are good for hotspot or onboard. For radius you can make certificate request from clearpass and sign it with your internal cert server. it worked for me.

Highlighted
New Contributor

Re: CLearpass Downloadable roles with Aruba 2930f switch

I had the same issue, the following worked for me.

I went to Administration>Certificates>Trust list, clicked on cert with subject "Aruba Networks Trusted Computing Root CA", enabled it, exported to TFTP, then copied to switch. The switch took it.

image.png

New Contributor

Re: CLearpass Downloadable roles with Aruba 2930f switch

Clearpass version 6.9

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: