Security

Hi everyone,

I'm currently facing an issue with HTTPS RSA certificates in my ClearPass cluster and would appreciate any ideas.

Current setup:

• ClearPass cluster with 1 Publisher and 1 Subscriber running 6.12.5
• I created CSRs directly on the Publisher and received the signed certificates from our internal CA -> We dont do captive Portal or Onboard
• The Prior HTTPS RSA Certificates were the default self-signed

What I did:

• Imported a new HTTPS RSA certificate via the Publisher
• The Publisher is using the new certificate without any issues (no browser warning anymore)
• The certificate is visible in the certificate store on both nodes

Certificate details:

• I am now using one single certificate
• The certificate includes all relevant DNS names and IPs in the SAN field

Issue:

• The Subscriber is still presenting the old HTTPS certificate
• Even after:
  
  • rebooting the Subscriber
  • Closing Browser Etc.

Is there a known issue or additional step required for the Subscriber to switch to the new HTTPS certificate?

Thanks in advance!

Did you apply to the subscriber too? In the Certificate section, you will need to import the cert and apply it to the subscriber too.

Hi everyone,

I'm currently facing an issue with HTTPS RSA certificates in my ClearPass cluster and would appreciate any ideas.

Current setup:

• ClearPass cluster with 1 Publisher and 1 Subscriber running 6.12.5
• I created CSRs directly on the Publisher and received the signed certificates from our internal CA -> We dont do captive Portal or Onboard
• The Prior HTTPS RSA Certificates were the default self-signed

What I did:

• Imported a new HTTPS RSA certificate via the Publisher
• The Publisher is using the new certificate without any issues (no browser warning anymore)
• The certificate is visible in the certificate store on both nodes

Certificate details:

• I am now using one single certificate
• The certificate includes all relevant DNS names and IPs in the SAN field

Issue:

• The Subscriber is still presenting the old HTTPS certificate
• Even after:
  
  • rebooting the Subscriber
  • Closing Browser Etc.

Is there a known issue or additional step required for the Subscriber to switch to the new HTTPS certificate?

Thanks in advance!

Yes, i did apply it to the subscriber. Certificate is visible in both Certificate Stores.

Did you apply to the subscriber too? In the Certificate section, you will need to import the cert and apply it to the subscriber too.

Hi everyone,

I'm currently facing an issue with HTTPS RSA certificates in my ClearPass cluster and would appreciate any ideas.

Current setup:

• ClearPass cluster with 1 Publisher and 1 Subscriber running 6.12.5
• I created CSRs directly on the Publisher and received the signed certificates from our internal CA -> We dont do captive Portal or Onboard
• The Prior HTTPS RSA Certificates were the default self-signed

What I did:

• Imported a new HTTPS RSA certificate via the Publisher
• The Publisher is using the new certificate without any issues (no browser warning anymore)
• The certificate is visible in the certificate store on both nodes

Certificate details:

• I am now using one single certificate
• The certificate includes all relevant DNS names and IPs in the SAN field

Issue:

• The Subscriber is still presenting the old HTTPS certificate
• Even after:
  
  • rebooting the Subscriber
  • Closing Browser Etc.

Is there a known issue or additional step required for the Subscriber to switch to the new HTTPS certificate?

Thanks in advance!