Requirement:
Aruba 2930F Switch running firmware version WC.16.10.0003
Solution: In the following example, debugging for Event Messages and ClearPass Policy Manager (CPPM) Messages is enabled, and the CPPM HTTPS certificate is downloaded using the CLI command “radius-server host 10.0.106.101 clearpass”.
Configuration: The debugging output displays the PEM file name, a successful download, and the name of the certificate that is installed. The contents of the certificate are displayed and decoded.
------ Enable Debugging ------
Core-Switch# debug destination session
Core-Switch# debug event
Core-Switch# debug cppm
Core-Switch# show debug
Debug Logging
Source IP Selection: Outgoing Interface
Origin identifier: Outgoing Interface IP
Destination:
Session
Time-stamp: System-Uptime
Enabled debug types:
event
cppm
------ Download certificate from ClearPass server ------
Core-Switch# configure terminal
Core-Switch(config)# radius-server host 10.0.106.101 clearpass
0001:22:31:07.34 CPPM mcppmTask:Clearpass CA download request to :
http://10.0.106.101/.well-known/aruba/clearpass/https-root.pem
I 04/04/20 21:22:50 05811 CADownload: Successfully downloaded the certificate
from 10.0.106.101 server
0001:22:31:07.64 CPPM mcppmTask:ClearPass 10.0.106.101 server cert
WIN-FUVI1DQCP99-CA is installed.
Verification
------ PEM file Information ------
Privacy-Enhanced Mail (PEM) is a de facto file format for storing and sending cryptographic keys, certificates, and other data, based on a set of 1993 IETF standards defining "privacy-enhanced mail."
A PEM file must consist of a private key, a CA server certificate, and additional certificates that make up the trust chain. The trust chain must contain a root certificate and, if needed, intermediate certificates. A PEM encoded file includes Base64 data.
------ Display certificate information using web-browser ------
http://10.0.106.101/.well-known/aruba/clearpass/https-root.pem
------ Display certificate information using website ------
https://certlogik.com/decoder/
RDN                  Value
Common Name (CN)     WIN-FUVI1DQCP99-CA

Properties
Property             Value
Issuer               CN = WIN-FUVI1DQCP99-CA
Subject              CN = WIN-FUVI1DQCP99-CA
Valid From           21 Mar 2020, 3:07 p.m.
Valid To             21 Mar 2025, 3:17 p.m.
Serial Number        2D:F9:7F:10:4D:E6:FE:A5:47:DA:F1:C6:40:3C:C9:7C (61110718885876251575280726705558047100)
CA Cert              Yes
Key Size             2048 bits
Fingerprint (SHA-1)  C4:D7:08:6E:68:88:E9:A5:5D:7A:D8:8B:D9:94:01:65:3A:28:31:6E
Fingerprint (MD5)    91:FA:D0:B8:5A:5D:EC:A5:17:D9:A9:E0:88:25:6A:8C
SANS
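The debug output above shows the switch fetching https-root.pem over plain HTTP, so the file is worth checking locally against a fingerprint obtained out of band. The following is an added example, not code from the original page or from Aruba: it parses the PEM blocks and compares the SHA-256 fingerprint in the same colon-separated form the decoder shows. The names `pem_blocks`, `fingerprint` and `check_ca_file` are hypothetical, the sample bytes are constructed placeholders rather than a real certificate, and it assumes the download should hold exactly one CERTIFICATE block.

```python
import base64
import hashlib
import hmac
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

def pem_blocks(text):
    """Return [(label, der_bytes)] for every PEM block found in text."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        # Strip line breaks, then reject anything that is not clean Base64.
        der = base64.b64decode("".join(body.split()), validate=True)
        blocks.append((label, der))
    return blocks

def fingerprint(der, algo="sha256"):
    """Colon-separated upper-case hex digest of the DER bytes."""
    digest = hashlib.new(algo, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def check_ca_file(text, pinned_sha256):
    """Return (ok, detail). pinned_sha256 comes from a trusted channel."""
    blocks = pem_blocks(text)
    labels = [label for label, _ in blocks]
    # Assumption: a root CA download carries one certificate and no key.
    if labels != ["CERTIFICATE"]:
        return False, f"expected one CERTIFICATE block, found {labels}"
    actual = fingerprint(blocks[0][1])
    if not hmac.compare_digest(actual, pinned_sha256.upper()):
        return False, f"fingerprint mismatch: {actual}"
    return True, actual

# Constructed placeholder bytes standing in for the certificate's DER body.
SAMPLE_DER = bytes(range(64))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    pin = fingerprint(SAMPLE_DER)  # stands in for the out-of-band value
    print(check_ca_file(SAMPLE_PEM, pin))
    tampered = SAMPLE_PEM.replace("AAEC", "AAED", 1)
    print(check_ca_file(tampered, pin))
```

To use it on the real file, save https-root.pem, read it as text, and pass the SHA-256 fingerprint recorded from the ClearPass server itself.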