Security

Reply
Regular Contributor II

Re: Clearpass 802.1x template unknown_CA

Hi Guys

 

So we need to buy a certificate, even though we are not connecting 802.1x to AD.. Correct?

 

The alternative that is disable the validation in all windows clients is not secure for us or the client

 

To buy it should be like this certifcate? http://comodo.redalia.es/positivessl/

 

Buy and then import to Clearpass correct?

 

Regards

 

 

 

 

 

Guru Elite

Re: Clearpass 802.1x template unknown_CA

Yes, that cert will work.


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Regular Contributor II

Re: Clearpass 802.1x template unknown_CA


@cappalli wrote:

Yes, that cert will work.


Hi,

 

Do you know a certificate free for testing purpose?

 

Regards

Guru Elite

Re: Clearpass 802.1x template unknown_CA

https://www.comodo.com/e-commerce/ssl-certificates/free-ssl-certificate.php


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Highlighted
Regular Contributor II

Re: Clearpass 802.1x template unknown_CA

Regular Contributor II

Re: Clearpass 802.1x template unknown_CA

Hi,

 

I am going to issue a free certificate  with Comodo for testing purposes. ( 90 days)

Since I have not yet integrate Clearpass with AD, and for free certificate we need a domain name, what should i do?

 

The domain at the client internal is xx.local , not accepted to free ssl certificates.

 

Could i use the the external xx.pt for issuing the certificate? is going to work for tests?

 

thanks

 

regards

Guru Elite

Re: Clearpass 802.1x template unknown_CA

For RADIUS, you can use any DNS name that you want.

If you'd like this cert to also be used for the web GUI of ClearPass, then it should match the DNS name of ClearPass.

Sent from Nine

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Regular Contributor II

Re: Clearpass 802.1x template unknown_CA

OK

 

thanks. So if I join Clearpass to AD for later Ad authentication purpose we can use any dns name on the certificate or it should match the . local domain. (clearpass.xx.local)

 

Regards

Guru Elite

Re: Clearpass 802.1x template unknown_CA

Well, you'll want to access GUI via a real domain name or you'll get a certificate error. Not a huge deal for admin use but if you end up using guest, you'll need to use a real DNS entry.

Sent from Nine

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Regular Contributor II

Re: Clearpass 802.1x template unknown_CA

Always better to use real name I agree.

 

My only dought was because free ssl does not accept .local.

 

I assume that if I buy the certificate .local is fine

 

Thanks

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: