Security

Dear all experts,

Due to my customer is using Clearpass and he told me that "Server Certificate" is gonna expired. So last night i came to fix this problem like these steps :

1. Generate CSR from CPPM side by goto  Administration » Certificates » Server Certificate and Create Certificate Signing Request
2. Upload CSR file that just generate from CPPM side to Onboard side by goto Home » Onboard + WorkSpace » Management and Control » View by Certificate and click Upload Certificate Signed Request
3. And i export Certificate file from Onboard side and import it back to CPPM side. The result is  an expiry Date will be extended to Dec 11,2015. That the old one is gonna expired in 18 Dec 2014.
4. I tried to test with following these cases :
    4.1 802.1x with notebook installed Win7 and Win8. They can successfully authenticated and work fine.
    4.2 Guest authentication by using the same notebook Win7 and Win8. They can work fine too.
    4.3 Iphone authentication with onboard , it can work fine.
    4.4 Android authentication with onboard, it can't work. It showed me like an attachment file error.

 

It look like Android already been provisioned but it died on the last authentication step about bad certificate.

 

Could you please advice me how to check or fix it?

 

Thanks very much,

Did you try a reboot after the new cert was installed?

Yes , i did it. But still got the problem. Is it correct for my implementation step ??

Hi Troy,

 

Do we need to do anything at Android phone or anywhere else on CPPM or Onboard module?

 

Your setup sounds fine but how are you exporting the cert from the onboard side. I would use pem and include the full trust chain

Also if you are reonboarding the android I would open the network and provisioning setting and resave so a new package is built.

Oh!!! i export from onboard side with crt file, not pem file. And how can i include full trust chain from exporting?