I would recommend to use two separate certs:
- 1x for RADIUS (you only need 1x common name)
- 1x for HTTPS (this cert can be multiple purpose : management access , guest captive portal , etc..and if that is a requirement you will need to add all the ClearPass nodes FQDNs as SAN or you could also use a wildcard cert)
You can generate the CSR from any server or you could also use OpenSSL.
Once you purchase certificate you need the the private key password which should allow you to import it into all of your servers.
Thank you
Victor Fabian
Pardon typos sent from Mobile