Security

Hi, I have been hit by  Comodo AddTrust Root Expiration.

The certificate chain has expired - I know very little about certificates and I wondered if anyone could help restoring the comodo certificate chain.

I can access clearpass because it not has not expired on browsers.  But the access tracker shows nothing because the trust is gone.

Or a work around for it?

If the current certificate is signed by the Root CA (which I suspect it is) you will also need to renew the certificate via Comodo too.

You can download the current Root & Intermediate CAs from Comdo for below, these will need to be uploaded to CPPM prior uploading a new certificate.

https://support.comodo.com/index.php?/comodo/Knowledgebase/List/Index/75/instantsslenterprisesslintranetssl

There is an excellent Tech Note regarding certificates which details how to obtain a CSR, certificate types and the best practices for different CPPM deployments.

CPPM - Certificates 101 Technote V1.2.pdf 

*EDIT* - Added correct Tech Note link

Hello

I am afraid that link takes you to the old certificates that have expired. I am confused.

Have you reached out to Comodo then to request the new Root/Intermediate certs? Once you have these certs, Comodo will need to sign your certificate in order for it to be valid.

Comodo now known as sectigo, now uses a 3 step certificate chain instead of four.  After the 30th of may the old certificates are no longer valid.

Managed to put the three certificates into a new certificate chain and imported it into clearpass.

The subscriber needed a services restart but back to normal again.

Browsers and devices usually handle this themselves, but you have to do it manually on clearpass.

I live and learn

Thanks!

PS Thanks TAC team 

Glad to hear it is sorted!