Wireless Access

Reply
Highlighted
Contributor I

Clearpass Radius Server Certificate

Hey Guys,

I've created a private signed radius server certificate for my Clearpass Cluster for 802.1x authentication. When I try to upload this certificate I just get a "success" message but the certificate is not getting uploaded or updated. Its still shows the default certificate.

Do I have to restart the server to make this change active? 

 

My Cluster contains two nodes and is running version  6.7.3.106273 

Thanks and best regards!

 

Contributor I

Re: Clearpass Radius Server Certificate

Did you creat a CSR and upload or just created a certificate and uploaded?

 

In the dropdown menu on the certificate page in Clearpass have you selected RADIUS and not HTTP certificate?

 

Regards

Philip


Wireless network engineer consultant| @phivil | ACMP ACCP ACDX #759
Contributor I

Re: Clearpass Radius Server Certificate

Hey Philip,

thanks for your reply.

I've created a CSR on an external machine with OpenSSL and then signed it with my internal pki. Yes, when I try to upload I choose radius certificate and not http.

The RootCA certificate is also imported and enabled. 

Best regards! 

MVP Guru

Re: Clearpass Radius Server Certificate

Hi,

 

Create CSR on your CPPM server and get it singed with your internal PKI or external CA, once you get singed certificate, import the certificate to CPPM server and make sure you remeber private key password, which you entered during CSR generation.

 

communitry.PNG

Regards,
Pavan
If my post address your queries, give kudos and accept as solution!
NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor I

Re: Clearpass Radius Server Certificate

Hello Pavan,

thanks for your reply.

Unfortunately, this didn't solve the issue. Like you recommended I've created the csr directly on Clearpass and signed it with our internal pki.

The following error message is now displayed to me:

"Certificate File is not suitable for web server authentication" 

 

Edit: The certificate type is X.509 Certificate with .crt ending

 

Best regards!

 

Guru Elite

Re: Clearpass Radius Server Certificate

Does your certificate have the Server Authentication EKU?

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Contributor I

Re: Clearpass Radius Server Certificate

Hello cappalli,

thanks for your reply.

I assume its a setting which must be set while creating the cert? 

I will talk to the responsible guys to find out if its there.

 

Best regards

 

Contributor I

Re: Clearpass Radius Server Certificate

Hey Guys,

I was able to fix that issue.

Unfortunately, the certificate was created with a wrong template internally.

Thanks for your support.

Best regards!

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: