Security

 View Only

  • 1.  IAPVC to Clearpass 6.12 help - unknown CA SSL error

    Posted Feb 03, 2025 12:15 AM

    I am trying what I thought was a fairly simple scenario - new CPPM 6.12 in Azure, a 510 AP running 8.12, both configured with certs signed by the same CA, and both intermediate and root CA certs added. I'm trying to get Radsec setup but so far all I get is errors in CPPM / Monitoring / Event Viewer saying:

    TLS connection couldn't connect for Client IP x.x.x.x: and Port 2083 Errors: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca

    Based on a few threads here I checked the IAPVC certs. Iniitally as it made me import the radsec cert as a full chain pem file I hadn;'t added the root and intermediate certs but have since done that as well. The settings for radsec on either end are fairly basic and close to defaults. 

    Any suggestions, or ideally a walk-through for this setup between Aruba wireless and Clearpass for RadSec?



  • 2.  RE: IAPVC to Clearpass 6.12 help - unknown CA SSL error

    Posted Feb 03, 2025 02:19 AM

    Did you installed the CA certificate on the IAPVC and configure it to for used for RadSec?



    ------------------------------
    Marcel Koedijk | MVP Expert 2024 | ACEP | ACMP | ACCP | ACDP | Ekahau ECSE | Not an HPE Employee | Opinions are my own
    ------------------------------



  • 3.  RE: IAPVC to Clearpass 6.12 help - unknown CA SSL error

    Posted Feb 03, 2025 05:07 PM

    see if this 3x part series on RADSEC helps you.



    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------

    Original Message


  • 4.  RE: IAPVC to Clearpass 6.12 help - unknown CA SSL error

    Posted Feb 24, 2025 06:03 PM

    Thanks for the reply - sorry I hadn't got back yet I haven't sorted my Airheads notificaitons!

    Yes I had added the certs but I completely missed the Certificate Usage part. I've added the root and intermediate to this for Application:RadSec and that fixed it thanks. (not sure if I needed to do the full chain)


    Original Message


Related Content