Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Certificate File is not suitable for web server authentication message

This thread has been viewed 8 times

  • 1.  Certificate File is not suitable for web server authentication message

    Posted Oct 02, 2013 12:05 PM

    Hi,

    I'm just setting up an eval clearpass 6.2 system and am trying to import a server certificate. I've used this cert provider on loads of servers and they've always gone in just fine. The CN is airwave.york.ac.uk with a SubjectAlternateName of clearpass.york.ac.uk.

     

    I've imported the root cert and both the intermediate certs but when I try and import the server cert I get "Certificate File is not suitable for web server authentication"  appearing. Is it something to do with the fact that the CN isn't clearpass.york.ac.uk? Any way round this?

     

     

    Rgds

    Alex

     



  • 2.  RE: Certificate File is not suitable for web server authentication message

    EMPLOYEE
    Posted Oct 02, 2013 06:32 PM
    What cert format are you using?

    Pem, P12, P7b, etc


  • 3.  RE: Certificate File is not suitable for web server authentication message

    Posted Oct 03, 2013 04:31 AM

    PEM base formt. file extension =.crt

    Rgds

    Alex

     



  • 4.  RE: Certificate File is not suitable for web server authentication message

    Posted Oct 08, 2013 06:18 AM

    Hi Troy,

    Any news on this?

    A



  • 5.  RE: Certificate File is not suitable for web server authentication message

    EMPLOYEE
    Posted Oct 08, 2013 06:37 AM

    alexsuoy,

     

    If you can open it on a Windows Computer, please look to see what it says under the Enhanced Key usage:

     

    http://blogs.msdn.com/b/kaushal/archive/2012/02/18/client-certificates-v-s-server-certificates.aspx

     

     



  • 6.  RE: Certificate File is not suitable for web server authentication message

    Posted Oct 08, 2013 07:52 AM

    I've got a server cert, Using  openssl x509 -text -in <autoconnect.crt> -noout I get

     

    ......

    X509v3 extensions:
    X509v3 Authority Key Identifier:
    keyid:0C:BD:93:68:0C:F3:DE:AB:A3:49:6B:2B:37:57:47:EA:90:E3:B9:E

    X509v3 Subject Key Identifier:
    4B:FF:F1:B9:ED:59:A1:27:A8:2C:36:0F:59:05:E8:FB:2F:35:E4:E6
    X509v3 Key Usage: critical
    Digital Signature, Key Encipherment
    X509v3 Basic Constraints: critical
    CA:FALSE
    X509v3 Extended Key Usage:
    TLS Web Server Authentication, TLS Web Client Authentication
    X509v3 Certificate Policies:
    Policy: 1.3.6.1.4.1.6449.1.2.2.29
    Policy: 2.23.140.1.2.1

     

    ....

     

    Cert obtained from JANET Certificate authortity. 

     

    Rgdd

     

    alex

     



  • 7.  RE: Certificate File is not suitable for web server authentication message

    EMPLOYEE
    Posted Oct 08, 2013 07:54 AM

    Please open a support case.  You could have a unique problem.

     



  • 8.  RE: Certificate File is not suitable for web server authentication message

    Posted Aug 08, 2017 09:17 PM

    While getting the CSR from clearpass to be signed by the ADCS, ensure that you have selected "Certificate Template = Web Server" in ADCS.