Security

Ever wanted to know how to configure ClearPass Onboard as an EST server to automatically distribute certificates to your network devices?  How about then using those certs to enable RADSEC on the devices?  In this video, I cover what EST is, how to configure it on CX switches and AOS 10 gateways and also how to use the certs for RADSEC to ClearPass.

Enoy!

0:00 - Brief intro to EST

6:29 - EST server configuration on ClearPass Onboard

20:53 - EST configuration on CX

30:00 - RADSEC configuration on CX

43:20 - EST and RADSEC configuration on an AOS 10 Gateway

Great content!

Ever wanted to know how to configure ClearPass Onboard as an EST server to automatically distribute certificates to your network devices?  How about then using those certs to enable RADSEC on the devices?  In this video, I cover what EST is, how to configure it on CX switches and AOS 10 gateways and also how to use the certs for RADSEC to ClearPass.

Enoy!

0:00 - Brief intro to EST

6:29 - EST server configuration on ClearPass Onboard

20:53 - EST configuration on CX

30:00 - RADSEC configuration on CX

43:20 - EST and RADSEC configuration on an AOS 10 Gateway

Ever wanted to know how to configure ClearPass Onboard as an EST server to automatically distribute certificates to your network devices?  How about then using those certs to enable RADSEC on the devices?  In this video, I cover what EST is, how to configure it on CX switches and AOS 10 gateways and also how to use the certs for RADSEC to ClearPass.

Enoy!

0:00 - Brief intro to EST

6:29 - EST server configuration on ClearPass Onboard

20:53 - EST configuration on CX

30:00 - RADSEC configuration on CX

43:20 - EST and RADSEC configuration on an AOS 10 Gateway

Hi Mike, after using your great Instruction, we get a key-usage mismatch in CX Switch after propper enrollment.  The Onboars CA is an Intermediate. Can you explain why?

Ever wanted to know how to configure ClearPass Onboard as an EST server to automatically distribute certificates to your network devices?  How about then using those certs to enable RADSEC on the devices?  In this video, I cover what EST is, how to configure it on CX switches and AOS 10 gateways and also how to use the certs for RADSEC to ClearPass.

Enoy!

0:00 - Brief intro to EST

6:29 - EST server configuration on ClearPass Onboard

20:53 - EST configuration on CX

30:00 - RADSEC configuration on CX

43:20 - EST and RADSEC configuration on an AOS 10 Gateway

Hi Mike, after using your great Instruction, we get a key-usage mismatch in CX Switch after propper enrollment.  The Onboars CA is an Intermediate. Can you explain why?

Original Message:
Sent: Jun 21, 2024 12:42 PM
From: mike.gallagher2@hpe.com
Subject: Instruction - Using ClearPass as an EST server and configuring RADSEC on CX and AOS 10 Gateways

Ever wanted to know how to configure ClearPass Onboard as an EST server to automatically distribute certificates to your network devices?  How about then using those certs to enable RADSEC on the devices?  In this video, I cover what EST is, how to configure it on CX switches and AOS 10 gateways and also how to use the certs for RADSEC to ClearPass.

Enoy!

0:00 - Brief intro to EST

6:29 - EST server configuration on ClearPass Onboard

20:53 - EST configuration on CX

30:00 - RADSEC configuration on CX

43:20 - EST and RADSEC configuration on an AOS 10 Gateway

Hi Mike, after using your great Instruction, we get a key-usage mismatch in CX Switch after propper enrollment.  The Onboars CA is an Intermediate. Can you explain why?

Ever wanted to know how to configure ClearPass Onboard as an EST server to automatically distribute certificates to your network devices?  How about then using those certs to enable RADSEC on the devices?  In this video, I cover what EST is, how to configure it on CX switches and AOS 10 gateways and also how to use the certs for RADSEC to ClearPass.

Enoy!

0:00 - Brief intro to EST

6:29 - EST server configuration on ClearPass Onboard

20:53 - EST configuration on CX

30:00 - RADSEC configuration on CX

43:20 - EST and RADSEC configuration on an AOS 10 Gateway

Carson summed it up.  What you see is normal, but it's a good thing to point out.  The cert will still work fine for RADSEC.  See my switch output as well:

radsec                           installed, key-usage mismatch    enroll success    radsec-client

Hi Mike, after using your great Instruction, we get a key-usage mismatch in CX Switch after propper enrollment.  The Onboars CA is an Intermediate. Can you explain why?

Ever wanted to know how to configure ClearPass Onboard as an EST server to automatically distribute certificates to your network devices?  How about then using those certs to enable RADSEC on the devices?  In this video, I cover what EST is, how to configure it on CX switches and AOS 10 gateways and also how to use the certs for RADSEC to ClearPass.

Enoy!

0:00 - Brief intro to EST

6:29 - EST server configuration on ClearPass Onboard

20:53 - EST configuration on CX

30:00 - RADSEC configuration on CX

43:20 - EST and RADSEC configuration on an AOS 10 Gateway

Mike & Carson,

I don't want to muddy the water but I don't see the same on my end. I am not sure why. It might be a code release thing.

Carson summed it up.  What you see is normal, but it's a good thing to point out.  The cert will still work fine for RADSEC.  See my switch output as well:

radsec                           installed, key-usage mismatch    enroll success    radsec-client

Hi Mike, after using your great Instruction, we get a key-usage mismatch in CX Switch after propper enrollment.  The Onboars CA is an Intermediate. Can you explain why?

Ever wanted to know how to configure ClearPass Onboard as an EST server to automatically distribute certificates to your network devices?  How about then using those certs to enable RADSEC on the devices?  In this video, I cover what EST is, how to configure it on CX switches and AOS 10 gateways and also how to use the certs for RADSEC to ClearPass.

Enoy!

0:00 - Brief intro to EST

6:29 - EST server configuration on ClearPass Onboard

20:53 - EST configuration on CX

30:00 - RADSEC configuration on CX

43:20 - EST and RADSEC configuration on an AOS 10 Gateway

Yeah, when I made that video my switch was on 10.09 and now I'm on 10.15, so there were likely code changes that made that pop.  The cert still works for RADSEC, no issues.

Mike & Carson,

I don't want to muddy the water but I don't see the same on my end. I am not sure why. It might be a code release thing.

Carson summed it up.  What you see is normal, but it's a good thing to point out.  The cert will still work fine for RADSEC.  See my switch output as well:

radsec                           installed, key-usage mismatch    enroll success    radsec-client

Hi Mike, after using your great Instruction, we get a key-usage mismatch in CX Switch after propper enrollment.  The Onboars CA is an Intermediate. Can you explain why?

Ever wanted to know how to configure ClearPass Onboard as an EST server to automatically distribute certificates to your network devices?  How about then using those certs to enable RADSEC on the devices?  In this video, I cover what EST is, how to configure it on CX switches and AOS 10 gateways and also how to use the certs for RADSEC to ClearPass.

Enoy!

0:00 - Brief intro to EST

6:29 - EST server configuration on ClearPass Onboard

20:53 - EST configuration on CX

30:00 - RADSEC configuration on CX

43:20 - EST and RADSEC configuration on an AOS 10 Gateway

Mike & Carson,

I don't want to muddy the water but I don't see the same on my end. I am not sure why. It might be a code release thing.

Carson summed it up.  What you see is normal, but it's a good thing to point out.  The cert will still work fine for RADSEC.  See my switch output as well:

radsec                           installed, key-usage mismatch    enroll success    radsec-client

Hi Mike, after using your great Instruction, we get a key-usage mismatch in CX Switch after propper enrollment.  The Onboars CA is an Intermediate. Can you explain why?

Ever wanted to know how to configure ClearPass Onboard as an EST server to automatically distribute certificates to your network devices?  How about then using those certs to enable RADSEC on the devices?  In this video, I cover what EST is, how to configure it on CX switches and AOS 10 gateways and also how to use the certs for RADSEC to ClearPass.

Enoy!

0:00 - Brief intro to EST

6:29 - EST server configuration on ClearPass Onboard

20:53 - EST configuration on CX

30:00 - RADSEC configuration on CX

43:20 - EST and RADSEC configuration on an AOS 10 Gateway

We just ran a bunch of 6200 at Discover with the uplink configured as an 802.1X supplicant and the certificate enrolled via EST, all of them had that mismatch message but worked just fine.

Mike & Carson,

I don't want to muddy the water but I don't see the same on my end. I am not sure why. It might be a code release thing.

Carson summed it up.  What you see is normal, but it's a good thing to point out.  The cert will still work fine for RADSEC.  See my switch output as well:

radsec                           installed, key-usage mismatch    enroll success    radsec-client

Hi Mike, after using your great Instruction, we get a key-usage mismatch in CX Switch after propper enrollment.  The Onboars CA is an Intermediate. Can you explain why?

Ever wanted to know how to configure ClearPass Onboard as an EST server to automatically distribute certificates to your network devices?  How about then using those certs to enable RADSEC on the devices?  In this video, I cover what EST is, how to configure it on CX switches and AOS 10 gateways and also how to use the certs for RADSEC to ClearPass.

Enoy!

0:00 - Brief intro to EST

6:29 - EST server configuration on ClearPass Onboard

20:53 - EST configuration on CX

30:00 - RADSEC configuration on CX

43:20 - EST and RADSEC configuration on an AOS 10 Gateway

What code were they on, Carson?

We just ran a bunch of 6200 at Discover with the uplink configured as an 802.1X supplicant and the certificate enrolled via EST, all of them had that mismatch message but worked just fine.

Mike & Carson,

I don't want to muddy the water but I don't see the same on my end. I am not sure why. It might be a code release thing.

Carson summed it up.  What you see is normal, but it's a good thing to point out.  The cert will still work fine for RADSEC.  See my switch output as well:

radsec                           installed, key-usage mismatch    enroll success    radsec-client

Hi Mike, after using your great Instruction, we get a key-usage mismatch in CX Switch after propper enrollment.  The Onboars CA is an Intermediate. Can you explain why?

Ever wanted to know how to configure ClearPass Onboard as an EST server to automatically distribute certificates to your network devices?  How about then using those certs to enable RADSEC on the devices?  In this video, I cover what EST is, how to configure it on CX switches and AOS 10 gateways and also how to use the certs for RADSEC to ClearPass.

Enoy!

0:00 - Brief intro to EST

6:29 - EST server configuration on ClearPass Onboard

20:53 - EST configuration on CX

30:00 - RADSEC configuration on CX

43:20 - EST and RADSEC configuration on an AOS 10 Gateway