Security

Hello,

   My HTTPS cert is due to expire in 2 days the person who has access to our CA website is on vacation. We have a guest registration page where guest users log in to register their personal devices which I know uses that cert. If it expires will it continue to work with a self signed cert or default cert? I understand users will get a cert trust error but they can proceed past that or do I need to create a self signed cert prior to it expiring. Will the guest registration pages still continue to work after it expires. My fear is that will just stop working if no one has ever created a self signed cert. 

If you are using HTTPS in guest page and if https certificate expires then page re-direction does not work. Install self signed certificate for now until you get new CA signed HTTPS certificate.

Regards,

Pavan

If my post address your query, give kudos:)

There is two certificates on your clearpass Radius and HTTPS, if your radius expires you potientally, your NAD's will not be able too communciate with Clearpass. aka authenticate login etc.

If your HTTP certificate expires some internet browsers (e.g. Chrome/Edge) will not even let you get to the any clearpass pages, as default internet browsers security settings prevent you from accessing expired certificate sites.

As mentioned above put on a self signed until you get your certificates from a trusted third party. 

N.B. not recommended to get a wildcard certificate for Clearpass.

Aruba Partner Network Consultant

**Aruba Wireless ACMP / ClearPass ACCP / CCNP Professional **
If a reply addresses your issue, please click on the "Accept as Solution" and "Give Kudos"

Just an FYI. That's not really true re: RADIUS certificate. NADs do not use or verify the RADIUS server certificate. If the RADIUS cert expires, the RADIUS service in ClearPass will stop and will not start until a new certificate is added.

@ Tim query, so why when you change your https radius cert do your NAD stop communciating with CPPM, until your restart the radius server on CPPM or CPPM server, if the radius cert isnt used to validate.

I always believe the radius cert was used to validate nads.  Would welcome further information on how the radius cert is used in CPPM.

thanks

**Aruba Wireless ACMP / ClearPass ACCP / CCNP Professional **
If a reply addresses your issue, please click on the "Accept as Solution" and "Give Kudos"

The NAD is EAP agnostic and is never aware of the EAP server certificate. It is used between an 802.1X-enabled client and the authentication server.

@ Tim many thanks makes sense.

**Aruba Wireless ACMP / ClearPass ACCP / CCNP Professional **
If a reply addresses your issue, please click on the "Accept as Solution" and "Give Kudos"

Lucky for me the guy who has access to our CA got me a new cert this weekend. I knew about the Radius side would shut down if it expired which almost happened last year, but with the HTTPS I wasn't sure. Lesson Learned get the cert replaced 6 months in advance.