OK, so just to make sure:
Went to ClearPass, certificate trust store, and downloaded the intermediate cert from there. Also downloaded the root CA as well. Copied them into my TFTP server.
Copied the intermediate into ClearP-X-B.
To check:
sh crypto pki ta-profile ClearP-X-B
gives
Profile Name    Profile Status                 CRL Configured  OCSP Configured
--------------- ------------------------------ --------------- ---------------
ClearP-X-B      1 certificate installed        No              No
Trust Anchor:
Version: 3 (0x2)
Serial Number:
2f:21:28:08:15:d6:ed:d8:f9:3e:63:a0:f6:29:e7:40
Signature Algorithm: sha256withRSAEncryption
Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
Validity
Not Before: Dec 22 00:00:00 2014 GMT
Not After : May 30 10:48:38 2020 GMT
Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO SHA-256 Organization Validation Secure Server CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
However the cert store doesn't actually have the AddTrust root CA there that this cert chains to, so created
crypto pki ta-profile ADDTRUST_CA
and uploaded the root cert into it, then did
sh crypto pki ta-profile ADDTRUST_CA
Profile Name    Profile Status                 CRL Configured  OCSP Configured
--------------- ------------------------------ --------------- ---------------
ADDTRUST_CA     1 certificate installed        No              No
Trust Anchor:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1withRSAEncryption
Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
Validity
Not Before: May 30 10:48:38 2000 GMT
Not After : May 30 10:48:38 2020 GMT
Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Power cycled the device and still get
certificate against.
0001:20:52:12.18 CRYP mcppmTask:Unable to find root certificate to validate
certificate against.
0001:20:52:12.54 CRYP mcppmTask:Unable to find root certificate to validate
certificate against.
0001:20:52:12.54 CRYP mcppmTask:Unable to find root certificate to validate
certificate against.
0001:20:52:12.56 MAC mWebAuth:Failed to apply user role dup35182-3121-2_7Z4q to
macAuth client B827EB63DF46 on port 2/11: user role is invalid.
0001:20:52:12.56 MAC mWebAuth:Port: 2/11 MAC: b827eb-63df46 [22] assigned role
'dup35182-3121-2_7Z4q' failed, attempting to apply initial role.
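
Added example, not part of the original post and not vendor code: a Python check that reads the Issuer, Subject and validity lines from the two ta-profile outputs above and walks the chain by name from the intermediate to a self-issued root. The function names and the check dates are assumptions; it compares names and dates only, verifies no signatures, and does not reproduce the switch's own validation.

```python
import re
from datetime import datetime

# Lines copied from the two "sh crypto pki ta-profile" outputs in the post
# (key material omitted).
SHOW_OUTPUT = """\
ClearP-X-B 1 certificate installed No No
Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
Not Before: Dec 22 00:00:00 2014 GMT
Not After : May 30 10:48:38 2020 GMT
Subject: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO SHA-256 Organization Validation Secure Server CA
ADDTRUST_CA 1 certificate installed No No
Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
Not Before: May 30 10:48:38 2000 GMT
Not After : May 30 10:48:38 2020 GMT
Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
"""

PROFILE = re.compile(r"^(\S+)\s+\d+ certificates? installed")
FIELD = re.compile(r"^\s*(Issuer|Subject|Not Before|Not After)\s*:\s*(.+?)\s*$")

def parse_profiles(text):
    """Map each TA profile name to its Issuer, Subject and validity window."""
    profiles, current = {}, None
    for line in text.splitlines():
        if m := PROFILE.match(line):
            current = profiles.setdefault(m.group(1), {})
        elif current is not None and (m := FIELD.match(line)):
            key, value = m.groups()
            if key.startswith("Not"):
                value = datetime.strptime(value, "%b %d %H:%M:%S %Y GMT")
            current[key] = value
    return profiles

def walk_chain(profiles, start, at):
    """Follow Issuer -> Subject names from `start`; return (path, rooted).

    path is [(profile, inside_validity_window_at_time_at)], rooted is True only
    if the walk ends on a self-issued certificate. Names only, no signatures.
    """
    path, name, seen = [], start, set()
    while name is not None and name not in seen:
        seen.add(name)
        cert = profiles[name]
        path.append((name, cert["Not Before"] <= at <= cert["Not After"]))
        if cert["Issuer"] == cert["Subject"]:
            return path, True
        name = next((n for n, c in profiles.items()
                     if c["Subject"] == cert["Issuer"]), None)
    return path, False

if __name__ == "__main__":
    # The check date is a constructed value, not taken from the post.
    print(walk_chain(parse_profiles(SHOW_OUTPUT), "ClearP-X-B", datetime(2019, 1, 1)))
```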