Wireless Access

Upcoming community maintenance Oct. 27th through Oct. 29th
For more info click here
Reply
Highlighted
Contributor I

Clearpass Radius Server Certificate

Hey Guys,

I've created a private signed radius server certificate for my Clearpass Cluster for 802.1x authentication. When I try to upload this certificate I just get a "success" message but the certificate is not getting uploaded or updated. Its still shows the default certificate.

Do I have to restart the server to make this change active? 

 

My Cluster contains two nodes and is running version  6.7.3.106273 

Thanks and best regards!

 


Accepted Solutions
Highlighted
Contributor I

Re: Clearpass Radius Server Certificate

Hey Guys,

I was able to fix that issue.

Unfortunately, the certificate was created with a wrong template internally.

Thanks for your support.

Best regards!

View solution in original post


All Replies
Highlighted
Contributor II

Re: Clearpass Radius Server Certificate

Did you creat a CSR and upload or just created a certificate and uploaded?

 

In the dropdown menu on the certificate page in Clearpass have you selected RADIUS and not HTTP certificate?

 

Regards

Philip


Wireless network engineer consultant| @phivil | ACMP ACCP ACDX #759
Highlighted
Contributor I

Re: Clearpass Radius Server Certificate

Hey Philip,

thanks for your reply.

I've created a CSR on an external machine with OpenSSL and then signed it with my internal pki. Yes, when I try to upload I choose radius certificate and not http.

The RootCA certificate is also imported and enabled. 

Best regards! 

Highlighted
MVP Expert

Re: Clearpass Radius Server Certificate

Hi,

 

Create CSR on your CPPM server and get it singed with your internal PKI or external CA, once you get singed certificate, import the certificate to CPPM server and make sure you remeber private key password, which you entered during CSR generation.

 

communitry.PNG


Pavan Arshewar | ACCP

If my post address your queries, give kudos and accept as solution!
NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Highlighted
Contributor I

Re: Clearpass Radius Server Certificate

Hello Pavan,

thanks for your reply.

Unfortunately, this didn't solve the issue. Like you recommended I've created the csr directly on Clearpass and signed it with our internal pki.

The following error message is now displayed to me:

"Certificate File is not suitable for web server authentication" 

 

Edit: The certificate type is X.509 Certificate with .crt ending

 

Best regards!

 

Moderator

Re: Clearpass Radius Server Certificate

Does your certificate have the Server Authentication EKU?


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
Contributor I

Re: Clearpass Radius Server Certificate

Hello cappalli,

thanks for your reply.

I assume its a setting which must be set while creating the cert? 

I will talk to the responsible guys to find out if its there.

 

Best regards

 

Highlighted
Contributor I

Re: Clearpass Radius Server Certificate

Hey Guys,

I was able to fix that issue.

Unfortunately, the certificate was created with a wrong template internally.

Thanks for your support.

Best regards!

View solution in original post

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: