
CPPM Termination Cluster with Certificate using Multiple Subject Alternative Names

I am trying to verify that this will work before purchasing a new certificate. I'm moving from MS NPS to ClearPass for RADIUS authentication and need a new certificate. I have two ClearPass servers configured in a cluster with no shared VIP. Can I use one certificate with multiple SANs on both devices?

 

For instance, the FQDNs for both boxes are clearpass01.domain.com and clearpass02.domain.com.

I was going to make the main URL clearpass.domain.com and the two SANs:

clearpass01.domain.com

clearpass02.domain.com

 

Will this work or do I need to get a certificate for each server? I was using a wildcard for certificate validation on the supplicant.

 

Thanks,

 

Rosie


Accepted Solutions
Moderator

Re: CPPM Termination Cluster with Certificate using Multiple Subject Alternative Names

Yes, you can.

 

The common name should be something generic, as this is what will be presented to users when tunneled EAP methods are in use. Each server should have a SAN defined.

 

The supplicant only needs to be configured for the common name. SANs are ignored with EAP.



If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |
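
The certificate request discussed in this thread, as an added example that is not part of the original posts and is not an Aruba procedure: an OpenSSL request config with the generic common name and one SAN per ClearPass node, followed by a check of what the CSR actually contains before it goes to a CA. The hostnames are the ones from the question; the file names and the RSA 2048 key are assumptions.

```shell
#!/usr/bin/env bash
# Added example: one CSR for both cluster nodes (generic CN + one SAN per node).
# File names and key size are assumptions, not values from the thread.

# Write csr.cnf, clearpass.key and clearpass.csr into directory $1.
make_cluster_csr() {
  dir="$1"
  cat > "$dir/csr.cnf" <<'EOF'
[ req ]
prompt             = no
distinguished_name = dn
req_extensions     = v3_req

[ dn ]
# Generic name: the name the supplicant is configured to validate
CN = clearpass.domain.com

[ v3_req ]
subjectAltName = @alt_names

[ alt_names ]
# One entry per cluster node so the same certificate fits both servers
DNS.1 = clearpass01.domain.com
DNS.2 = clearpass02.domain.com
EOF
  # Keep the private key readable by the owner only
  ( umask 077
    openssl req -new -newkey rsa:2048 -nodes \
      -config "$dir/csr.cnf" \
      -keyout "$dir/clearpass.key" -out "$dir/clearpass.csr" 2>/dev/null )
}

# Print the subject line and each DNS SAN of CSR $1, one per line.
csr_names() {
  openssl req -in "$1" -noout -subject
  openssl req -in "$1" -noout -text | grep -o 'DNS:[^,[:space:]]*'
}

workdir="$(mktemp -d)"
make_cluster_csr "$workdir" && csr_names "$workdir/clearpass.csr"
rm -rf "$workdir"
```

Running the same `csr_names`-style check against the issued certificate (`openssl x509 -in cert.pem -noout -text`) confirms the CA kept both SAN entries before the certificate is imported on either node.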


