Wireless Access

last person joined: 2 days ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

IF-MAP Down - SSL certificate problem: self signed certificate

This thread has been viewed 12 times

  • 1.  IF-MAP Down - SSL certificate problem: self signed certificate

    Posted Apr 07, 2020 04:53 PM

    Hello,

    I am trying to establish an IF-MAP connection between a 7010 controller and a ClearPass using self signed certificates.

     

    The IF-MAP stays down and the message we can see at the controller is the one below:

     

    192.168.254.9:443 DOWN [04/07/20 15:04:20] SSL certificate problem: self signed certificate

     

    7010 is running OS 8.6.0.3 as a device managed by a Mobility Master VA

    ClearPass is the CLAVB 6.9.0.130064

     

    What would be the solution using the self signed certificate issued by the ClearPass?

     

    Thank you



  • 2.  RE: IF-MAP Down - SSL certificate problem: self signed certificate

    EMPLOYEE
    Posted Apr 08, 2020 08:27 AM

    It is not recommended to run ClearPass with self-signed certificates, so the recommendation is to get a proper certificate and install that. If you don't need external client trust, you could use an internal/private CA to generate the ClearPass HTTPS certificate. If you don't have a private CA, you may leverage the Onboard CA for that.

     

    You may try if it works to import the ClearPass self-signed certificate in the controller as Trusted CA, but haven't tried that.



  • 3.  RE: IF-MAP Down - SSL certificate problem: self signed certificate

    Posted Apr 08, 2020 08:32 AM

    This is the point where I am facing the problem. When I try to import the Clearpass certificate as a trusted CA, the error below pops-up:

     

    Certificate does not have the basicConstraints extension CA flag set.

     

    I can only import it as a server certificate.