Security

last person joined: 14 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

Clearpass License Online Activation fails with 'Client certificate-chain validation failed'

This thread has been viewed 60 times

  • 1.  Clearpass License Online Activation fails with 'Client certificate-chain validation failed'

    Posted Jul 10, 2017 09:17 AM

    Hello community,

     

    We have migarated our Clearpass from a hardware appliance 500 to a virtual Clearpass CP-VA-500 version 6.6.5.93747 . I have created a VM on an ESXi server, did the basic config and restored the backup from the hardware appliance. After that I had to install our public cerificate for the CP portal page. Everything works fine, except when I try to online activate our licenses, I get the Error: 'Client certificate-chain validation failed'.

    How can I evaluate which certificat is responsible for this error?

     

    Tanks for any hints.

    Konrad

     



  • 2.  RE: Clearpass License Online Activation fails with 'Client certificate-chain validation failed'

    Posted Jul 10, 2017 11:44 AM
    You need to contact tac so they deactivate the license on the other box and then it will allow you to activate it on the new one

    Get Outlook for iOS


  • 3.  RE: Clearpass License Online Activation fails with 'Client certificate-chain validation failed'

    Posted Jul 10, 2017 11:55 AM

    Hi Victor,

     

    Thank you for this hint.

    I have already a TAC open for the migration to VM and the license activation on the VM. The licenses on the appliance  are already deactivated by TAC. Because of the certification problem the TAC tries to offline activate the licenes. Thats ok for the first step, but finally I would like to solve the problem at the roots. Maybe someone had a similar problem an may give me a hint.

     

    Thanks and greetings from Switzerland

    Konrad



  • 4.  RE: Clearpass License Online Activation fails with 'Client certificate-chain validation failed'

    EMPLOYEE
    Posted Jul 11, 2017 05:39 AM

    Konrad,

    Did you check the clock on the new ClearPass appliance? If it is off (by months) it might be that one of the certs is considered expired or not valid yet.

    Another thought, could it be that the https traffic from ClearPass to the internet runs through a proxy that intercepts the SSL traffic (ssl inspection)? That can render the traffic invalid as well.

    Working with TAC should give the quickest resolution.

    73, Herman



  • 5.  RE: Clearpass License Online Activation fails with 'Client certificate-chain validation failed'

    Posted Dec 04, 2018 06:03 AM

    Hello, I have the same problems with a new Clearpass 6.7 installation:

    Action Status: Client certificate-chain validation failed
    Product Name: ClearPass Platform

    I have checked time and firewall, the only internet traffic I can see in the firewall is the Clearpass server is trying to connect to external NTP servers, but I have configured internal ones that works, no other traffic to internet. How do I proceed?



  • 6.  RE: Clearpass License Online Activation fails with 'Client certificate-chain validation failed'

    EMPLOYEE
    Posted Dec 04, 2018 08:35 AM
    Please work with Aruba TAC.


  • 7.  RE: Clearpass License Online Activation fails with 'Client certificate-chain validation failed'

    Posted May 24, 2019 04:21 PM

    Hi everyone,

     

    Maybe you have solved the problem. If someone has the same issue, try installing these patches, it worked for me:

     

    https://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/ClearPass-license-activation-failure/ta-p/496584

     

    Regards,

    Julián



  • 8.  RE: Clearpass License Online Activation fails with 'Client certificate-chain validation failed'

    Posted Jun 11, 2019 02:58 AM

    hi,

     

    is there a patch for 6.8.x as well? Unfortunately it looks like the lic activation isn't working and exiting with the same error.

     

    Action Status: sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: unable to find certificate chain
Product Name: ClearPass Platform


  • 9.  RE: Clearpass License Online Activation fails with 'Client certificate-chain validation failed'

    EMPLOYEE
    Posted Jun 11, 2019 03:36 AM

    For license activation related issues, it's best in most cases to call Aruba TAC. Most license activations work without any issue, and if some fail the Aruba TAC needs to know to fix it.



  • 10.  RE: Clearpass License Online Activation fails with 'Client certificate-chain validation failed'

    Posted Mar 22, 2022 12:22 PM
    I know this is an old topic but for what it is worth I just installed a new VM CPPM added my product key and went to activate it.  I ran into the same error as the original poster.  To resolve this I went to software updates entered the required username and password to download software updates.  I then upgraded from 6.9.0 to 6.9.9 and after the reboot I was able to activate the license without any error.  Hope this helps someone.

    ------------------------------
    Alan Scott
    ------------------------------

    Original Message