Monthly Archives: December 2019

OpenSSL Commands for Certificate Request and PFX File Generation

Generate CSR for domain

openssl req -new -newkey rsa:2048 -nodes -keyout -out

Combine CA , Private, and Public certificate files into PFX file

openssl pkcs12 -export -in public.key -certfile intermediate-ca.key -inkey -out
  • public.key – Public SSL Key returned from CSR
  • intermediate-ca.key – Intermediate/Root CA Public Certificate
  • – private key
  • – combined file

ClearPass and SQL Database Authentication Source

When writing queries for checking a mac address in a table, denoting the correct filter for a mac address can be confusing, depending on the format stored in the table. Here’s a few options

  • %{Authentication:Username}
  • %{Connection:Client-Mac-Address}
  • %{Connection:Client-Mac-Address-NoDelim}
  • %{Connection:Client-Mac-Address-Hyphen}
  • %{Connection:Client-Mac-Address-Dot}
  • %{Connection:Client-Mac-Address-Upper-Hyphen}

Example SQL Server Query

Select top 1 mac from clientmac where mac = ‘%{Authentication:Username}’ or mac = ‘%{Connection:Client-Mac-Address}’

In the enforcement policy, using an exists comparison should be sufficient, although most official examples add another rule to compare the returned value from the query.