Regular Contributor I

ClearPass HTTPS certificate

Hello,

I've been reading the ClearPass Certificates 101 v1.2 guide and trying to set up HTTPS certs on our ClearPass cluster (Publisher and 3 subscribers).

I generated a CSR on the publisher which used the VIP DNS name for the CN, and then in the SAN field I listed the 4 DNS names of the individual boxes, and their IP addresses (though actually it looks like the IP addresses haven't made it into the final certificate which I'm investigating with the issuer). The plan is to install the same cert on all the boxes.

I have the new crt certificate file from our public CA and have successfully installed it on the publisher, but when I try to install it on the other boxes (from the publisher GUI) I get an error because the private key file isn't present on those boxes. I don't have the private key file, but is there a way to copy it from the publisher to the other boxes to avoid this problem? Or is there another solution?

Thanks in advance,

Guy

MVP Guru

Re: ClearPass HTTPS certificate

Not sure why that never works, but if you call TAC they will assist you with getting the private key from the shell.

Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Regular Contributor I

Re: ClearPass HTTPS certificate

I had missed the obvious solution - on the Certificate Store page, once I had imported the new cert to the publisher, there is an option to export the cert which produces a .p12 format file, so I did that and then I could import that file to the other controllers individually. Thanks.

Guru Elite

Re: ClearPass HTTPS certificate

The private key is only available on the node where it was created. Any other operations require an export and import.


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
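
A check one could run on the issued certificate and the exported .p12 before importing it on each subscriber, as an added example that is not part of the original thread: it lists expected SAN entries missing from the certificate (the IP address case raised in the question) and confirms the bundle carries the private key matching its certificate. Host names, the IP address, file names and the passphrase are constructed, and OpenSSL 1.1.1 or later is assumed.

```shell
#!/usr/bin/env bash
# Added example: all names, IPs, file names and the passphrase are constructed.

# Print every expected SAN entry ("DNS:host" or "IP Address:a.b.c.d") that is
# absent from the certificate. Empty output means every entry is covered.
missing_sans() {
  local cert=$1 sans entry; shift
  sans=$(openssl x509 -in "$cert" -noout -ext subjectAltName | tr ',' '\n' | sed 's/^ *//')
  for entry in "$@"; do
    printf '%s\n' "$sans" | grep -qxF "$entry" || printf '%s\n' "$entry"
  done
}

# Succeed only if the PKCS#12 bundle opens with the passphrase and the private
# key inside it has the same public key as the certificate inside it.
p12_key_matches_cert() {
  local p12=$1 pass=$2 from_cert from_key
  from_cert=$(openssl pkcs12 -in "$p12" -passin "pass:$pass" -nokeys -clcerts \
    | openssl x509 -noout -pubkey)
  from_key=$(openssl pkcs12 -in "$p12" -passin "pass:$pass" -nocerts -nodes \
    | openssl pkey -pubout)
  [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# Constructed fixture standing in for the CA-issued cert and the exported .p12:
# a self-signed cert whose SAN lists DNS names but, as in the thread, no IPs.
make_demo_bundle() {
  local dir=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=cppm-vip.example.test" \
    -addext "subjectAltName=DNS:cppm-vip.example.test,DNS:cppm1.example.test" \
    -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
  openssl pkcs12 -export -inkey "$dir/key.pem" -in "$dir/cert.pem" \
    -passout pass:constructed-pass -out "$dir/https.p12"
}

demo() {
  local d; d=$(mktemp -d)
  make_demo_bundle "$d"
  echo "SAN entries missing from the certificate:"
  missing_sans "$d/cert.pem" "DNS:cppm1.example.test" "IP Address:192.0.2.11"
  p12_key_matches_cert "$d/https.p12" constructed-pass && echo "p12 carries the matching private key"
  rm -rf "$d"
}

demo
```

On a real bundle, pass the passphrase with `-passin env:NAME` or `-passin file:PATH` rather than `pass:` so it does not appear in the process list, and delete the exported .p12 once every node has imported it.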