Could it be that you are on 6.10.0? Please upgrade to the latest 6.10 patch release, as in the early versions that well-known URL worked only with ECC certificates, and the RSA certificate was available as https-root-rsa.pem. Later updates have fixed that so that if there is no ECC cert, the RSA certificate is available on that URL.
Adding -rsa in the URL would work as well, but there are some security fixes in the latest ClearPass version which should be a reason to upgrade anyway.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: May 31, 2022 03:50 AM
From: Andrew Partridge
Subject: ClearPass /.well-known URL fails, is my cluster broken
I'm building out DUR roles on CX and CPPM, and when I try to extract the well-known URL I get a 404 error
(http://<clearpass-fqdn>/.well-known/aruba/clearpass/https-root.pem)
What am I missing?
ClearPass Pub&Sub has a public cert, with the FQDN in the SAN name,
ClearPass Version is 6.10
Do I need to raise a TAC case?
------------------------------
Andrew Partridge
------------------------------