Contributor I

Onboard with ADCS - Certificate doesn't have private key

Staring a new thread on this issue...


I've got Onboard configured as an intermediate CA to ADCS. When devices go through the Onboarding process, a certificate is created in ADCS, and it also shows up in the Onboard certificate list.

However, the certificate is not installed in the client machine.


Upon inspection of the certificate, I see that it does not contain the private key.  :-(   

From experimenting, I've noticed that Windows won't install a certificate in the Personal store, unless it's got a private key.


Is there any setting in Clearpass that affects the certificate request that is sent to ADCS?


I realize that this could certainly be a Windows CA configuration issue, but has anyone else seen this? I've used the User template, and also created a new one. The template has 'Allow private key to be exported' checked.





Search Airheads
Showing results for 
Search instead for 
Did you mean: