Security

Hi,

We have setup ClearPass policy Manger with Publisher/subscriber model. We are not using data ports and using only management ports. 

 

in-cppm1.domain.com ---->192.168.200.26

in-cppm2.domain.com----->192.168.200.27

in-cppmvip.ingrnet.com---->192.168.200.28

Now my question is how many certificates are needed for the above setup and we are going to use all the features of CPPM i.e. wireless authentication, RADIUS, Guest portal, OnGuard and OnBoard.

 

I have go through the technical note "CPPM - Certificates 101 Technote V1.0" but still need suggestion. 

We are planning to have wildcard certificate i.e. *.domain.com for https but how many certificates are needed for dot1x authentication where we are using VIP for the cluster setup.

 

Thanks,

Yugandhar.

If you're using a wildcard for HTTPS, then you just need a standard server certificate for EAP with a generic common name like "auth.yourdomain.xyz" or "ClearPass.yourdomain.xyz"

Thank you for the response. But while importing wildcard certificate for https server, we are getting error even though enabled in Trusted certificate list like "certificate with appropriate Subject key identifier must be added and enabled in Trusted certificate list. Please suggest. Thanks, Yugandhar

Hi Yugandhar,

 

We generally see this error message if their is no proper certiifcate chain installed. Please follow my old post which proivde details on how certiifcate chain

 

http://community.arubanetworks.com/t5/Network-Management/Analytics-amp-Location-Engine-how-upload-SSL-Certificate/m-p/293559#M6507

 

If you have intermediate CA aswell, make sure it is added to trust list aswell and also check whether you are proivding correct private key details.

 

Regards,

Pavan

If my post addresses your query give kudos:)

For .1x you only need one that can be shared between the 2

Get Outlook for iOS