Security

Reply
Contributor II

How to export ClearPass private key?

HI all,

 

Can someone tell me if we can redownload the (CSR and the) Private key after generating them in Clearpass?

 

Thanks!

 

Guru Elite

Re: How to export ClearPass private key?

Yes, click Export.

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor II

Re: How to export ClearPass private key?

Hi Tim,

 

Thanks you are fast :)

 

The customer did a CSR and copy and pased the CSR key to issue the certificate with the ca. So the private key where not downloaded and imported in clearpass when doing the CSR. When he tryed to download it from the export button, they get the default private key file (they assume) because  the password did not match when importing.

 

So this was the question.. other option is to regenerate a new CSR and repeat the process. But, im not sure if the generated private key is stored directly in clearpass.

 

thanks

 

 

 

 

New Contributor

Re: How to export ClearPass private key?

Basicaly the question is if you can recover from forgetting to download the Private Key files when generating the CSR.

 

I copied the content from begin certificate request to end certificate request and used it on the CA's website.

 

The CA send me a nice certifiate which I'm trying to import. Unfortunatly clearpass is asking for a private key to select which I don't have.

 

Is there a way to recover? Or do I need to generate a new CSR and purchase a new certificate?

 

Regards,

 

Rens

 

Guru Elite

Re: How to export ClearPass private key?

Couple of things

 

  • The private key is downloaded with the CSR
  • If you do not download the CSR and key, it cannot be redownloaded until the signed certificate is added
  • It is a general best practice to do CSRs and key generation on an external, secure box
  • Most CAs will allow a re-key without charging you again

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
New Contributor

Re: How to export ClearPass private key?

Hello Tim,

 

Thanks for the reply. I'll contact the CA and ask them how to proceed.

 

Regards,

 

Rens

Occasional Contributor II

Re: How to export ClearPass private key?

In 6.7 it only downloads the CSR. I’m not able to import my signed cert because it wants the private key file. I’m importing into the CP server I generated the CSR from.
Aruba Employee

Re: How to export ClearPass private key?

You need to select the option "Upload Certificate and Use Saved Private Key" when you import the signed certificate.

 


Thank you,
Saravanan Rajagopal

**Did something you read in the Community solve a problem for you? If so, click "Accept as Solution" in the post.
Occasional Contributor I

Re: How to export ClearPass private key?

Hi 

 

ClearPass Policy Manager 6.7.3.106273

 

1. I am renewing certificates and also changing from GoDaddy to a Commodo server certificate at the same time. I will use the same certificate for HTTP & Radius "is this Ok"? This was done previously by prior IT Manager.

 

2. Should I upload the intermediate and root CA keys before trying to upload the Commodo Cert?

 

3. I just want to confirm:

I did not see the "Download CSR and Private Key Files" button and therefore I just copied the CSR and sent off to CSC who manage our domains and certificates. They will send me a commodo cert. "currently awaiting". As I did not download the Private Key, all I need to do when importing is select an option ""Upload Certificate and Use Saved Private Key"?

 

3.1 I assume CPPM server has some intelligence to match the none downloaded private key (stored by CPPM?) & provided Commodo cert during import by using the "Use Saved Private Key" option?

 

Regards

 

Tony

 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: