Occasional Contributor II

Import Server Certificate on ClearPass (EAP-TLS authentication)



I am in the process of setting up ClearPass to act as an EAP-TLS authenticator and for that I need to import the CA certificate into it.


All I have is the .crt file (pem type) provided by my customer, while ClearPass seems to require:


- The actual certificate file

- The private key file

- The private key password


Since, I do not have the last two items, please could smebody confirm they are necessary to import the CA certificate? Also, am I correct in saying that the CA should generate those when exporting the certificate?


I searched the 6.4 user guide for this, but found no clarification over those points. Has anyone ever setup ClearPass to authenticate EAP-TLS clients who could shed some light over this?


Many thanks,



Guru Elite

Re: Import Server Certificate on ClearPass (EAP-TLS authentication)

If you don't have the private key, you'll need to do a CSR from ClearPass and sign it with your CA. 


| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.

Re: Import Server Certificate on ClearPass (EAP-TLS authentication)

A lot of this data is covered in depth in my ClearPass PKI TechNote. Take time to resd this to familiary yourself with all thats is PKI and ClearPass.


Find it here. CPPM - Certificates 101 Technote V1.0 .pdf

Best Regards

ClearPass Product Manager

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Search Airheads
Showing results for 
Search instead for 
Did you mean: