Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

ClearPass and IAP certificate query

This thread has been viewed 0 times

  • 1.  ClearPass and IAP certificate query

    Posted May 30, 2017 11:59 PM

    Hi all,

     

    I have a client who needs to obtain a public signed certificate for their IAP Virtual Controller and ClearPass in order to use the ClearPass Captive Guest Portal.

     

    The client has a public domain name for the Internet facing services, however ClearPass will sit on the internal network. ClearPass will need to join the internal domain in order to authenticate their RADIUS clients, but the public CA will not sign a CSR with an internal domain name. Does the domain name that ClearPass was configured with when built, have to match the AD domain name that it was joined to?

     

    I would like to append the public domain name to the ClearPass hostname so that the Public CA can sign all certificate requests.

     

    -Brett



  • 2.  RE: ClearPass and IAP certificate query
    Best Answer

    EMPLOYEE
    Posted May 31, 2017 12:01 AM
    You would just create the public DNS name in your internal DNS so clients can resolve it.


  • 3.  RE: ClearPass and IAP certificate query

    Posted May 31, 2017 12:08 AM

    Ok thanks Tim,

     

    So the DNS entry just has to match the common name in the certificate (or SAN) and clients will trust it?

     

    -Brett



  • 4.  RE: ClearPass and IAP certificate query

    EMPLOYEE
    Posted May 31, 2017 12:10 AM
    Yes, correct.