Security

Anyone ever have any problem loading up a COMODO server cert to Clearpass?

What exactly is the issue? Are you getting an error on import or is it a
client issue?

I have been working with Dave Dipert from DNS and we have figured that the cert is properly installed into CPPM in the correct chain of trust order (otherwise it won't accept it when you try to upload it). However when ever I connect with a win7 device i get this error:

 

 

So now we are not quite sure where to go from here...

That's the client side server certificate check for PEAP. You either need
to manually configure the client with the appropriate certificate and
server trusts or use a supplicant configuration utility like QuickConnect

Ok, thats where we were headed as a conclusion as well. Question to you Tim, would a cert from another vendor have the same problem? Would the easiest solution be getting a cert from say GoDaddy or Verisign for example? Or do you think there is an issue with the individual cert we purchased?

All certificates will do this. Each SSID profile on a device has a trusted
CA and trusted server name. If the CA that issues your server cert is not
preconfigured for that SSID profile, you will get that warning.

All it's saying is: do you trust this server so I can send your credentials
to it?

You suggested using Quickconnect, would Onboarding (since I have the licenses) take care of it as well? (I am a CPPM noob incase you couldn't tell LOL)

QuickConnect is a standalone dissolvable product that handles supplicant
configuration without the need to onboard. It's good for basic
peap-mschapv2 and ttls. If you are doing certificate authentication and
enrollment (EAP-TLS) you should use CP OnBoard.

This message often reads as an error but its a normal part of the EAP-PEAP process