Security

Hi all,

I configured an default service template "802.1x Wired". When i connect my client i see following error in my Access Tracker:

I have on my server an self-signed cert. Thats why the error says unknow ca i think. But when i try to add my self-signed cert into Clearpass trusted list i got this:

But pkcs 12 is the only way i can export my cert from the server?

Anyone an idea?

Thanks!

, We can convert file to support format manually and upload certificate to server trust list.

You can use online tool aswell for certificate conversion if it is for POC purpose.

https://www.sslshopper.com/ssl-converter.html

Thanks for the reply!

But the error is still the same..

Any idea? Or can i just delete the self-signed cert.

Because its just an POC.

Does the clearpass has a Radius(service) certificate as well from the same CA?

No, i just created on my windows server an self-signed cert and imported this in the root ca on the client. How do i create an radius cert?

1. Create a CSR on your clearpass (Administration, Certificates, Certificate Store, create Certificate Signing Request)
2. Sign it by your CA
3. import the signed certificate by your CA on the same page in clearpass => Import Certificate)
4. assign this certificate to your wired service
   

    

Sorry, but how can i sign the CSR with my CA?

Thanks!

Check below link on how to submit CSR request to internal AD certificate authority.

Submit the Request to Active Directory Certificate Services

https://support.embotics.com/support/solutions/articles/8000035243-generating-and-installing-an-ssl-certificate-with-active-directory-certificate-services

indeed, or google "sign a csr on AD CA"

https://www.google.com/search?client=firefox-b-d&q=sign+a+csr+on+AD+CA