Security

Reply
Occasional Contributor II

Certificate in Publisher/Subscriber model

I am learning some certificate basics in a stage environment prior to using them in a production environment.

I current have 2 ClearPass PMs. One in a Publisher role and one in a Subscriber role. I have a VIP configured.

Today I installed a new Radius Certificate on the Publisher. The certificate has SAN information for both the Publisher and Subscriber. The certificate CN is the FQDN of ip of the VIP.

 

Do I need a cert for the publisher as well?

Highlighted
Guru Elite

Re: Certificate in Publisher/Subscriber model

You should install the same EAP server certificate on all nodes in the cluster. The EAP server cert does not need any SANs besides the CN value which should be a generic name (networklogin.yourdomain.com, etc).

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: