Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

ClearPass RADSEC Error

This thread has been viewed 51 times

  • 1.  ClearPass RADSEC Error

    Posted Jul 24, 2019 10:19 PM
    We recently starting receiving the following alerts from our ClearPass server. Has anyone else seen this or have any idea what may be the cause? Any information you can provide would be greatly appreciated. Thanks...


    Policy Manager Server Source Level Category Action Timestamp

    cppm01 (10.20.80.13) RADSEC ERROR Configuration Please install new certificate. Jul 16, 2019 03:00:34 EDT
    cppm01 (10.20.80.13) RADSEC ERROR Configuration Please install new certificate. Jul 16, 2019 03:00:04 EDT
    cppm01 (10.20.80.13) RADSEC ERROR Configuration Please install new certificate. Jul 16, 2019 02:45:38 EDT
    cppm01 (10.20.80.13) RADSEC ERROR Configuration Please install new certificate. Jul 16, 2019 02:45:05 EDT


  • 2.  RE: ClearPass RADSEC Error
    Best Answer

    Posted Jul 24, 2019 10:26 PM
    RADSec is a new feature that was added in 6.7.4 by default ClearPass is configured with a self signed RADsec cert that is valid for 1year which look like it expired

    To fix this you just need to re-generate a new self signed under Administration > Certififcate>Certificate Store> Select Usage RADsec



    Thank you

    Victor Fabian

    Pardon typos sent from Mobile


  • 3.  RE: ClearPass RADSEC Error

    Posted Jul 25, 2019 10:28 AM

    Awesome!  Thanks Victor!  That appeared to be the fix.  The RADSEC cert was definitely expired.  Have a great day!



  • 4.  RE: ClearPass RADSEC Error

    Posted Jan 13, 2020 12:09 AM

    Hi, we have a cluster of 1 publisher and 2 subscribers in our production environment, and I can see the publishers RadSec cert is about to expire. Could I just create a new self-signed one with a 5 year expiration without affecting the running environment in any way?



  • 5.  RE: ClearPass RADSEC Error

    MVP GURU
    Posted Jan 13, 2020 07:13 AM
    @caugdahl wrote:

    Hi, we have a cluster of 1 publisher and 2 subscribers in our production environment, and I can see the publishers RadSec cert is about to expire. Could I just create a new self-signed one with a 5 year expiration without affecting the running environment in any way?

    Yes !



  • 6.  RE: ClearPass RADSEC Error
    Best Answer

    Posted Jan 23, 2020 06:55 AM

    We had to renew the RADSEC certificate too.
    I just would like to add that we had to restart our CPPM publisher after renewal of the cert.

     

    Version is 6.8.3.110034.



  • 7.  RE: ClearPass RADSEC Error

    Posted Jan 27, 2020 02:41 AM

    We did not have to restart our environment on version 6.8.2.109931. It's probably smart to take a restart into consideration just to be sure however.