Occasional Contributor II

Onboard with Public Certificate

Hi All,


This is my first experience deploying ClearPass Onboard. I have a setup where ClearPass is integrated with an Aruba controller and its Onboard module generates client certificates for EAP-TLS. The client devices are iPads.

We want to use a public cert and run the ClearPass CA as an Intermediate CA. We created a new Intermediate CA and generated a CSR to be signed.

Am I missing something for this scenario?


Re: Onboard with Public Certificate

That will not work: no public CA will sign your intermediate, as that effectively breaks the SSL trust model.


Please read the document "CPPM - Certificates 101 Technote V1.2" from:


In short: the certificates that ClearPass Onboard issues as client certificates do not need any public trust as these are only used to validate the client on the network.


So use the built-in CA for issuing the client certificates and use a publicly trusted CA for your HTTPS server certificate on the ClearPass server. The RADIUS certificate to use depends on circumstances and can be either a public or a private certificate.

If you have urgent issues, please contact your Aruba partner or Aruba TAC (click for contact details).
Occasional Contributor II

Re: Onboard with Public Certificate

Thank you Herman. I managed to figure it out the hard way :-)
