Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Clearpass Radius Server Certificate

  • 1.  Clearpass Radius Server Certificate

    Posted Oct 29, 2018 08:17 AM

    Hey Guys,

    I've created a privately signed RADIUS server certificate for my Clearpass cluster for 802.1X authentication. When I try to upload this certificate I just get a "success" message, but the certificate is not getting uploaded or updated. It still shows the default certificate.

    Do I have to restart the server to make this change active? 

     

    My Cluster contains two nodes and is running version  6.7.3.106273 

    Thanks and best regards!

     



  • 2.  RE: Clearpass Radius Server Certificate

    Posted Oct 29, 2018 08:43 AM

    Did you create a CSR and upload, or just create a certificate and upload?

     

    In the dropdown menu on the certificate page in Clearpass have you selected RADIUS and not HTTP certificate?

     

    Regards

    Philip



  • 3.  RE: Clearpass Radius Server Certificate

    Posted Oct 29, 2018 08:50 AM

    Hey Philip,

    thanks for your reply.

    I've created a CSR on an external machine with OpenSSL and then signed it with my internal PKI. Yes, when I try to upload I choose the RADIUS certificate and not HTTP.

    The RootCA certificate is also imported and enabled. 

    Best regards! 



  • 4.  RE: Clearpass Radius Server Certificate

    EMPLOYEE
    Posted Oct 29, 2018 09:55 AM

    Hi,

     

    Create the CSR on your CPPM server and get it signed by your internal PKI or an external CA. Once you get the signed certificate, import it to the CPPM server, and make sure you remember the private key password that you entered during CSR generation.

     




  • 5.  RE: Clearpass Radius Server Certificate

    Posted Oct 29, 2018 11:10 AM

    Hello Pavan,

    thanks for your reply.

    Unfortunately, this didn't solve the issue. Like you recommended, I've created the CSR directly on Clearpass and signed it with our internal PKI.

    The following error message is now displayed to me:

    "Certificate File is not suitable for web server authentication" 

     

    Edit: The certificate type is X.509 Certificate with .crt ending

     

    Best regards!

     



  • 6.  RE: Clearpass Radius Server Certificate

    EMPLOYEE
    Posted Oct 29, 2018 11:20 AM
    Does your certificate have the Server Authentication EKU?


  • 7.  RE: Clearpass Radius Server Certificate

    Posted Oct 29, 2018 11:36 AM

    Hello cappalli,

    thanks for your reply.

    I assume it's a setting which must be set while creating the cert?

    I will talk to the responsible guys to find out if it's there.

     

    Best regards

     



  • 8.  RE: Clearpass Radius Server Certificate
    Best Answer

    Posted Oct 31, 2018 06:07 AM

    Hey Guys,

    I was able to fix that issue.

    Unfortunately, the certificate was created with a wrong template internally.

    Thanks for your support.

    Best regards!
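
The Server Authentication EKU asked about in reply 6 can be checked with OpenSSL before a signed certificate is uploaded. The script below is an added example, not part of the original thread; the function names, the `radius.example.test` subject and the generated test certificates are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): does a PEM certificate list the
# Server Authentication EKU (OID 1.3.6.1.5.5.7.3.1)? OpenSSL prints that
# OID as "TLS Web Server Authentication" in its text output.

# has_server_auth_eku <cert.pem>: exit 0 if the EKU extension lists serverAuth,
# exit 1 if the extension is missing or lists only other purposes.
has_server_auth_eku() {
    openssl x509 -in "$1" -noout -text 2>/dev/null \
        | grep -A1 'X509v3 Extended Key Usage' \
        | grep -q 'TLS Web Server Authentication'
}

# make_test_cert <prefix> <eku-list>: hypothetical helper that writes a
# constructed, self-signed one-day test certificate to <prefix>.crt so the
# check can be exercised without a real PKI.
make_test_cert() {
    cat > "$1.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = radius.example.test
[ext]
extendedKeyUsage = $2
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1.cnf" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Stand-alone use: pass the signed certificate you are about to upload.
if [ -n "${1:-}" ]; then
    if has_server_auth_eku "$1"; then
        echo "$1: Server Authentication EKU present"
    else
        echo "$1: Server Authentication EKU missing; check the CA template"
        exit 1
    fi
fi
```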