Single certificate deployment for ClearPass Cluster
3 weeks ago
I've read Certificates 101 which helps a lot with how to format the CSR... SAN Fields etc.
However, we have multiple CPPM servers and i would like to use 1 certificate (signed by an external CA), for both Radius and HTTPS on all servers.
Can you generate the CSR on any of the CPPM servers and assuming the SAN fields are correct it will work? We currently have generated a seperate CSR on each CPPM server, but to help ease administration 1 certificate for all servers seems like a good idea.
I was worried that if i generated the CSR on CPPM-A for example, the signed cert would only work on that CPPM server. Does anyone know which CPPM server to generate the CSR on to use 1 certificate on multiple CPPM servers?
Re: Single certificate deployment for ClearPass Cluster
3 weeks ago
- 1x for RADIUS (you only need 1x common name)
- 1x for HTTPS (this cert can be multiple purpose : management access , guest captive portal , etc..and if that is a requirement you will need to add all the ClearPass nodes FQDNs as SAN or you could also use a wildcard cert)
You can generate the CSR from any server or you could also use OpenSSL.
Once you purchase certificate you need the the private key password which should allow you to import it into all of your servers.
Pardon typos sent from Mobile
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA