Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

pending certificate enrollment request

  • 1.  pending certificate enrollment request

    Posted Jun 11, 2017 01:13 PM

    A few hours after creating a Certificate Enrollment Request on the master controller, I received from my boss a wildcard certificate for the organization in the PFX format, which means that the certificate was not created using the Certificate Enrollment Request I created from the controller. I tried to install the PFX certificate on the controller using both CLI and GUI with no success. I received the message:

    "Switch Configuration

    Error Uploading Certificate: CertMgr error.

    I installed it on my Windows PC, then exported it in PKCS7 format with no key exported, and then I got the error message:

    Switch Configuration

    Error Uploading Certificate: Cert public key did not match the private key in the CSR store

    Would you please show me how to solve this problem?

    Thank you all



  • 2.  RE: pending certificate enrollment request

    EMPLOYEE
    Posted Jun 11, 2017 02:08 PM

    Try this command:

     

    restore factory_default certificate


  • 3.  RE: pending certificate enrollment request

    EMPLOYEE
    Posted Jun 11, 2017 09:14 PM

    You should always do the CSR offline on another machine to ensure you have a backup of the private key.



  • 4.  RE: pending certificate enrollment request

    EMPLOYEE
    Posted Jun 11, 2017 10:31 PM

    I believe the problem you are having is that the certificate you are using doesn't have a private key included in it. Thus, the controller is reading the certificate and comparing it to the currently installed key, which doesn't match. Side note, this will happen even if you try this on a controller that only has the default factory certificate. I would recommend manually making a PEM in the correct order with private key at the bottom. Certificate type is server cert. Be sure to apply the certificate under management > general > after you get a cert installed.
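
One way to build the PEM described in the last reply from the PFX file, as an added example that is not part of the original thread: it uses the standard `openssl` CLI on an admin workstation, checks that the certificate and private key actually pair up, and writes the key at the bottom. The function names, file names, the `PFX_PASS` variable, and placing chain certificates between the leaf and the key are assumptions.

```shell
#!/bin/sh
# Added example: names and file layout are assumptions, not from the thread.

# Succeeds only if the certificate's public key equals the one derived from
# the private key (the same kind of pairing check named in the controller's
# "public key did not match the private key" error).
key_matches_cert() {
    from_cert=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    from_key=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$from_cert" = "$from_key" ]
}

# Usage: pfx_to_pem bundle.pfx server.pem   (PFX password in exported PFX_PASS)
# Writes the leaf certificate, then any chain certificates, then the private
# key last. The key is written UNENCRYPTED; files are created under umask 077.
pfx_to_pem() {
    pfx=$1 out=$2
    tmp=$(mktemp -d) || return 1
    (
        umask 077
        # Leaf certificate; piping through x509 drops the "Bag Attributes" text.
        openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -clcerts -nokeys |
            openssl x509 -out "$tmp/leaf.pem" &&
        # Intermediate/root certificates, if the PFX carries any.
        openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -cacerts -nokeys |
            sed -n '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' \
            > "$tmp/chain.pem" &&
        # Private key, decrypted and re-emitted as a clean PEM block by pkey.
        openssl pkcs12 -in "$pfx" -passin env:PFX_PASS -nocerts -nodes |
            openssl pkey -out "$tmp/key.pem" &&
        # Refuse to build the bundle if key and certificate do not pair up.
        key_matches_cert "$tmp/leaf.pem" "$tmp/key.pem" &&
        cat "$tmp/leaf.pem" "$tmp/chain.pem" "$tmp/key.pem" > "$out"
    ) || { rm -rf "$tmp"; return 1; }
    rm -rf "$tmp"
}
```

With OpenSSL 3.x, a PFX protected with older algorithms may additionally need the `-legacy` option on the `pkcs12` commands. Delete the resulting PEM from the workstation once it has been uploaded, since it holds the unencrypted private key.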