Wired Intelligent Edge (Campus Switching and Routing)

Aruba Employee

Simple Steps to create the HTTPS Server certificate on ClearPass for your Switches!

Good day!


 

As you may know, an HTTPS server certificate is a must for Downloadable User Role, also known as DUR. Please see the simple steps to generate an HTTPS server certificate on ClearPass.

 

Step 1: Log in to ClearPass Policy Manager

 

 

Step 2: Click on Menu (right-side corner) and then click Onboard, as below

 


 

Step 3: Click on Certificate Authorities, then just follow the clicks below to download the ClearPass certificate.

 


Once you have the certificate, you can install it on AOS-CX switches as below:

 

6300-1-VSF# conf t
6300-1-VSF(config)# crypto pki ta-profile DUR_clearpass
6300-1-VSF(config-ta-DUR_clearpass)#
  end               End current mode and change to enable mode.
  exit              Exit current mode and change to previous mode
  list              Print command list
  no                Negate a command or set its defaults
  ocsp              Configure Online Certificate Status Protocol
  revocation-check  Configure revocation checking. (Default: no checking)
  show              Show running system information
  ta-certificate    Import a TA certificate in PEM format (Default: terminal)
6300-1-VSF(config-ta-DUR_clearpass)# ta-certificate
Paste the certificate in PEM format below, then hit enter and ctrl-D:
6300-1-VSF(config-ta-cert)#
-----BEGIN CERTIFICATE-----
[certificate body not shown]
-----END CERTIFICATE-----
6300-1-VSF(config-ta-cert)#  -----> Press Ctrl+D

The AOS-CX switch is ready for DUR.

You can also find simple steps to configure DUR, LUR and more at the links below:

 

Regards,

Yash
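
An added example, not part of the original post: before a PEM is pasted at the `ta-certificate` prompt, it can be checked offline with `openssl`. The function below confirms that the file is a CA certificate, is not near expiry, and that a given HTTPS server certificate chains to it; the file names, host name and throwaway certificates are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example: offline checks on a PEM before it becomes a switch trust anchor.

# check_ta CA_PEM [SERVER_PEM]: returns 0 only if every check passes.
check_ta() {
  ta_pem=$1; srv_pem=${2:-}
  openssl x509 -in "$ta_pem" -noout 2>/dev/null ||
    { echo "FAIL: $ta_pem is not a PEM X.509 certificate"; return 1; }
  # A trust anchor must be a CA certificate, not a server (leaf) certificate.
  openssl x509 -in "$ta_pem" -noout -text | grep -q 'CA:TRUE' ||
    { echo "FAIL: basicConstraints is not CA:TRUE"; return 1; }
  # Reject an anchor that is expired or expires within 30 days.
  openssl x509 -in "$ta_pem" -noout -checkend $((30 * 86400)) >/dev/null ||
    { echo "FAIL: expired or expiring within 30 days"; return 1; }
  # If the HTTPS server certificate is at hand, it must chain to this anchor.
  if [ -n "$srv_pem" ]; then
    openssl verify -CAfile "$ta_pem" "$srv_pem" >/dev/null 2>&1 ||
      { echo "FAIL: $srv_pem does not chain to $ta_pem"; return 1; }
  fi
  # Subject and SHA-256 fingerprint, for comparison with the CA's own record.
  openssl x509 -in "$ta_pem" -noout -subject -enddate -fingerprint -sha256
}

# make_demo_pki DIR: constructed lab CA, a server cert it signs, a self-signed leaf.
make_demo_pki() {
  d=$1
  cat > "$d/o.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
EOF
  openssl req -x509 -config "$d/o.cnf" -extensions v3_ca -newkey rsa:2048 -nodes \
    -days 365 -subj "/CN=Constructed Lab Root CA" -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  openssl req -new -config "$d/o.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=clearpass.example.test" -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
  openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" -CAcreateserial \
    -days 90 -extfile "$d/o.cnf" -extensions v3_leaf -out "$d/srv.pem" 2>/dev/null
  openssl req -x509 -config "$d/o.cnf" -extensions v3_leaf -newkey rsa:2048 -nodes \
    -days 365 -subj "/CN=selfsigned.example.test" -keyout "$d/leaf.key" -out "$d/leaf.pem" 2>/dev/null
}

demo=$(mktemp -d) && make_demo_pki "$demo" && check_ta "$demo/ca.pem" "$demo/srv.pem"
```

With real files, the call is `check_ta downloaded-ca.pem clearpass-https.pem`, where both file names are placeholders for the certificate downloaded from ClearPass and the server certificate the switch will see.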

 


Accepted Solutions
Frequent Contributor I

Re: Simple Steps to create the HTTPS Server certificate on ClearPass for your Switches!

Please add very explicit text that says this is only for lab environments where proper certificates cannot be acquired. This should never be done in a production environment.


