This article covers a very specific case when you are importing a certificate and private key pair where the private key does not have a password. It does not explain the certificate types or use cases, certificate and key-file file formats or detail the intricacies of PKI. ClearPass requires certificates in order to operate securely (encrypt/decrypt traffic) and identify itself during RADIUS transactions. The most common certificates you would import are RADIUS, HTTPS and RadSec. There are others but these all require a private key. ClearPass allows you to import the certificate and private key as two separate files (you can also import them as a combined file). It is quite common to receive a private key file that is not protected by a password, whether it be from a public certificate authority or an internal CA service. When you try to import this file pair into ClearPass while leaving the "Private Key Password" field blank you will receive an error: The error states that the Private Key Password must be specified. The problem is there isn't one to be entered, so it can be confusing how you may proceed.
You can get around this error by entering anything (I haven't exhaustively tested every possible entry) into the Private Key Password field. During my first attempt I used "null", which worked. Then I used "asdf" which also worked. A simple, single character entry also appeared to work fine.
Comments
When using phone numbers in ClearPass guest self-registration, the system elevates US and UK to the top of the country codes selector by default. This isn't always suitable so you may want to change the country codes that are promoted to the top to be more appropriate for your user base. Generally this will come up when you are building a Guest Self-Registration workflow - but it may be relevant for any page which shows a phone number field in a ClearPass form. It is possible to edit the settings of the most commonly used visitor_phone Base Field. This should result in an update across all Forms which use this Field. This can be done from the ClearPass Guest Configuration page.
It is possible to edit this field on a per form basis so that portals and pages can have differing preferred country codes. This may be appropriate for ClearPass deployments that cater to global or multi-national use-cases.
|
WifiHaxWe build and optimise networks. Continuous learning is our secret to being good. Along the learning journey we will share things here... Archives
November 2022
Categories
All
|