Wired Intelligent Edge

Hi All,

I am trying to install this Root CA on my switch but the switch keeps throwing me an Invalid TA certificate error. Can someone take a look into the certificate and tell me if I'm missing something here.

This only happens on the switch, I tried to upload the same certificate to CPPM and it goes through and any certificate signed by this Root CA also goes through.

Attachment(s)

CERTS.zip   1 KB 1 version

I have just done this as I needed it for Downloadable User Roles.

I think your problem is that you exported the certficate in some other format. You need to export in base64 encoded format, or the switch will not accept it. Base64 is NOT the deafult option if you use Windows to export the certificate. You have to select it.

However, if you need the certificate for Downloadable User Roles you can just upgrade the switches to 16.08 and they will be able to download/install the CA from Clearpass automaticly, the first time a client validates/connects. I just tested this and it works.

If you go that route, remember to add the clearpass parameter to the radius-server command or the switch will not know that it can download the certificate.

Example:

radius-server host 1.1.1.1 clearpass

---

@MartinThinggaardMadsen wrote:

 

 

However, if you need the certificate for Downloadable User Roles you can just upgrade the switches to 16.08 and they will be able to download/install the CA from Clearpass automaticly, the first time a client validates/connects. I just tested this and it works.

 

If you go that route, remember to add the clearpass parameter to the radius-server command or the switch will not know that it can download the certificate.

 

Example:

radius-server host 1.1.1.1 clearpass

---

Need to be supported by the switch...

Greetings!

If you are running both ArubaOS-Switch 16.08.0001 or later, and ClearPass 6.7.8 or later, the certificate provided by ClearPass for the automatic download feature should be in the correct format.