Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass Certificate Chain installation

  • 1.  ClearPass Certificate Chain installation

    Posted Jun 03, 2020 05:54 AM

    Hi.

     

    It is my understanding that it is best to install the full certificate chain into ClearPass. i.e. the server certificate, intermediate and root CA, in one chain.

     

    When I try to upload the whole chain, I get an error saying the following. I'm using ZeroSSL.com

     

    Certificate CA "CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US" with appropriate Subject Key Identifier must be added and enabled in Certificate Trust List

     

    So I then manually install the root CA into the Trust List and add the services that I want to use it for. ClearPass will then allow me to install the whole certificate chain. Is this common?

     

    Thanks.



  • 2.  RE: ClearPass Certificate Chain installation

    Posted Jun 03, 2020 09:11 AM
    In the chain just include the RADIUS or HTTPS cert and intermediate cert

    Don’t include the RootCA



    Thank you

    Victor Fabian

    Pardon typos sent from Mobile


  • 3.  RE: ClearPass Certificate Chain installation

    EMPLOYEE
    Posted Jun 03, 2020 12:55 PM

    Hi Hammer,

     

    Yes, this is the right way. You add the Root CA as a trusted CA in the Trust List and specify its usage.

     

    Then you add the full certificate chain (excluding the Root CA) to ClearPass.
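
An added example, not code from any poster or from Aruba: a standard-library Python helper that splits a CA bundle into the chain to upload (server plus intermediates) and the root to add to the Trust List separately, as the replies above describe. Assumptions: the function names are hypothetical, a certificate whose issuer equals its subject is treated as the root (signatures are not verified), and the sample bundle is built from constructed, unsigned DER skeletons rather than real certificates.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Return the raw DER issuer and subject Names of an X.509 certificate."""
    _, pos, _ = _tlv(der, 0)    # outer Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)  # TBSCertificate SEQUENCE
    fields = []
    while len(fields) < 5:      # serial, sigAlg, issuer, validity, subject
        tag, _, end = _tlv(der, pos)
        if tag != 0xA0:         # skip the optional [0] version field
            fields.append(der[pos:end])
        pos = end
    return fields[2], fields[4]

def split_bundle(pem_text):
    """Return (chain_pem_without_roots, [root_pems]), keeping input order."""
    chain, roots = [], []
    for block in PEM_RE.findall(pem_text):
        der = base64.b64decode("".join(block.splitlines()[1:-1]))
        issuer, subject = issuer_and_subject(der)
        (roots if issuer == subject else chain).append(block)
    return "\n".join(chain) + "\n", roots

# --- constructed sample: unsigned DER skeletons, not real certificates ---
def _der(tag, body):
    return bytes([tag, len(body)]) + body  # short-form length only (< 128 bytes)
def _name(cn):
    return _der(0x30, _der(0x31, _der(0x30, _der(0x06, b"\x55\x04\x03") + _der(0x0C, cn.encode()))))
def sample_pem(issuer_cn, subject_cn):
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + _der(0x30, b"")
               + _name(issuer_cn) + _der(0x30, b"") + _name(subject_cn) + _der(0x30, b""))
    body = base64.b64encode(_der(0x30, tbs + _der(0x30, b"") + _der(0x03, b"\x00"))).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----"

BUNDLE = "\n".join([sample_pem("Sample Intermediate", "server.example.test"),
                    sample_pem("Sample Root", "Sample Intermediate"),
                    sample_pem("Sample Root", "Sample Root")])
```

Calling `split_bundle(BUNDLE)` returns the two-certificate chain for upload and a one-item list holding the root for the Trust List.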