To generate a Certificate Signing Request (CSR), a key pair must be created for the server. These two items are a public/private key pair and cannot be separated. If the public/private key file or password is lost or changed before the SSL certificate is installed, the SSL certificate will need to be re-issued. The private key, CSR and certificate must all match in order for the installation to be successful.
To create a new CSR for your Aruba ClearPass Policy Manager (CPPM) perform the steps below:
Step 1: Generating your CSR & Privatekey:
- Open your Aruba ClearPass CPPM.
- Navigate to Administration > Certificate > Server Certificate.
- Click Create Certificate Signing Request.
- In the Create Certificate Signing Request pop-up window specify the following information:
- Common Name (CN): FQDN (fully-qualified domain name) of the server (e.g., www.domain.com, mail.domain.com, or for wildcard certificate *.domain.com). IP’s are not accepted for enrollment of a CA SSL Certificate
- Organization (O): The full legal name of the organization.
- Organizational Unit (OU):A department name, such as ‘Information Technology’.
- Location (L): City where the Organization is located. do not abbreviate.
- State (ST): State, or Province where the organization is located. Do not abbreviate.
- Country (C): City, state, and country where the organization is located. Do not abbreviate.
- Subject Alternative Name (SAN): Leave this blank unless you want to add extra FQDN.
Note: If you would like to add SANS you may have to specify how many and what those FQDN are during enrollment for your SSL Certificate. - Private Key Password: Specify a pass-phrase to protect your private key. You will need to use this pass-phrase for installation.
- Verify Private Key Password: Re-enter your pass-phrase.
- Key Length: selects at least 2048 bits.
- Digest Algorithm: Specify the algorithm you desire. Standard is SHA-2.
- Valid for: Ignore, keep as default.
- Click Submit.
- Your CSR will be displayed to you.
- Click Download CSR and Private key Files.
- Two files will be downloaded under downloads on your system.
- Rename these files if you like but keep track of them.
- CertSignRequest.csr is your CSR that you will copy and paste into your SSL Certificate enrollment portal.
- CertPrivaKey.pkey is your private key file. This is extremely important do not loose this or the password your SSL Certificate once issued will not work without this unique Key.
- You have sucessfully created a Certificate Signing Request and a Private key for your Aruba ClearPass Policy Manager.
If you are unable to use these instructions for your server, Acmetek recommends that you contact either the vendor of your software or the organization that supports it.
For ClearPass installation instructions click here.
Aruba ClearPass Support:
For more information refer to Aruba ClearPass.