Security

Reply
Occasional Contributor I

Single certificate deployment for ClearPass Cluster

Hi,

 

I've read Certificates 101 which helps a lot with how to format the CSR... SAN Fields etc.

 

However, we have multiple CPPM servers and i would like to use 1 certificate (signed by an external CA), for both Radius and HTTPS on all servers. 

 

Can you generate the CSR on any of the CPPM servers and assuming the SAN fields are correct it will work? We currently have generated a seperate CSR on each CPPM server, but to help ease administration 1 certificate for all servers seems like a good idea. 

 

I was worried that if i generated the CSR on CPPM-A for example, the signed cert would only work on that CPPM server. Does anyone know which CPPM server to generate the CSR on to use 1 certificate on multiple CPPM servers?

 

thanks

Highlighted
MVP Guru

Re: Single certificate deployment for ClearPass Cluster

I would recommend to use two separate certs:
- 1x for RADIUS (you only need 1x common name)
- 1x for HTTPS (this cert can be multiple purpose : management access , guest captive portal , etc..and if that is a requirement you will need to add all the ClearPass nodes FQDNs as SAN or you could also use a wildcard cert)

You can generate the CSR from any server or you could also use OpenSSL.
Once you purchase certificate you need the the private key password which should allow you to import it into all of your servers.





Thank you

Victor Fabian

Pardon typos sent from Mobile
Thank you

Victor Fabian
Lead Mobility Architect @WEI
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: