You don't have to configure the CP certificate at the controller level. Just use the path System -> More -> General -> CP Certificate. It will apply it per the heirarchy. Great video!
Hey guys..I had to add "--key-type rsa" into the cert issue command because after certbot version 2.0.0, ecdsa is used per default. I desperately tried to import the cert to my CP instance until I read the recent certbot manual to see this more by chance than by deliberation.. Hope this helps someone :) Regards, Julian, Dec 2023.
I believe the point behind let's encrypt 90 days cert is that if somehow the cert gets compromised that cert can be easily renewed that way you're never operating on a cert that may have been compromised but not discovered that's been compromised typically a python script will be ran to continuously keep the cert updated and that's ran every 60 days so if there's a problem you have 30 days to resolve
hi john, first of all thank you very much for all your informative material that you provide! please allow me a question, I don‘t understand exactly why we‘d need a public signed certificate for the controller and the clearpass?!
the cert on ClearPass is for the main page, so the guest doesn't get and unsecured website when the welcome page is loaded the cert in the controller is because the login process is done in the background from the guest device directly to the controller (even though the guest sees only the clearpass page). The login form is incorporated on the main page presented by ClearPass. If the certificate for the controller is not valid the guest fail to authenticate because his browser will not push the data over an insecure page. Both certs need to be public because you can't upload private CA over guest devices 13:44
You don't have to configure the CP certificate at the controller level. Just use the path System -> More -> General -> CP Certificate. It will apply it per the heirarchy.
Great video!
Thanks for the info!
Hey guys..I had to add "--key-type rsa" into the cert issue command because after certbot version 2.0.0, ecdsa is used per default. I desperately tried to import the cert to my CP instance until I read the recent certbot manual to see this more by chance than by deliberation.. Hope this helps someone :)
Regards,
Julian, Dec 2023.
I believe the point behind let's encrypt 90 days cert is that if somehow the cert gets compromised that cert can be easily renewed that way you're never operating on a cert that may have been compromised but not discovered that's been compromised typically a python script will be ran to continuously keep the cert updated and that's ran every 60 days so if there's a problem you have 30 days to resolve
Salutations, John Your great content is appreciated. How did you create ISRG Root X1 and R3, which must be put to the clearpass trust list?
Downloaded them from Let's Encrypt.
hi john, first of all thank you very much for all your informative material that you provide!
please allow me a question, I don‘t understand exactly why we‘d need a public signed certificate for the controller and the clearpass?!
the cert on ClearPass is for the main page, so the guest doesn't get and unsecured website when the welcome page is loaded
the cert in the controller is because the login process is done in the background from the guest device directly to the controller (even though the guest sees only the clearpass page). The login form is incorporated on the main page presented by ClearPass. If the certificate for the controller is not valid the guest fail to authenticate because his browser will not push the data over an insecure page.
Both certs need to be public because you can't upload private CA over guest devices 13:44
Thanks