Monthly Archives: December 2019

OpenSSL Commands for Certificate Request and PFX File Generation

Generate CSR for domain

openssl req -new -newkey rsa:2048 -nodes -keyout wildcard.alexkuo.com.key -out wildcard.alexkuo.com.csr

Combine CA, private, and public certificate files into a PFX file

openssl pkcs12 -export -in public.key -certfile intermediate-ca.key -inkey wildcard.alexkuo.com.key -out wildcard.alexkuo.com.pfx
  • public.key – public SSL certificate issued in response to the CSR
  • intermediate-ca.key – intermediate/root CA public certificate
  • wildcard.alexkuo.com.key – private key generated with the CSR
  • wildcard.alexkuo.com.pfx – combined output file
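
The two commands above as one end-to-end run, with a check that the private key matches the CSR and the issued certificate before the PFX is built. This is an added example, not part of the original post: the throwaway "Demo CA", the example.test name, the file names, and the password are all constructed stand-ins for a real CA and domain.

```shell
#!/bin/sh
# Added example. example.test, "Demo CA" and the password are constructed.
# Note: -nodes (as in the post) writes the private key unencrypted.

# SHA-256 of the public key held in a private key, CSR or certificate.
pubkey_fp() {  # $1 = key|csr|cert, $2 = PEM file
  case "$1" in
    key)  fp_pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    csr)  fp_pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
    cert) fp_pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    *)    return 2 ;;
  esac
  # Refuse to hash empty output, so two unreadable files never "match".
  [ -n "$fp_pem" ] || return 1
  printf '%s\n' "$fp_pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# True only when both files carry the same public key.
same_pubkey() {  # $1 kind, $2 file, $3 kind, $4 file
  fp_a=$(pubkey_fp "$1" "$2") && fp_b=$(pubkey_fp "$3" "$4") && [ "$fp_a" = "$fp_b" ]
}

# Number of certificates stored in a PFX ($1 = file, $2 = password).
pfx_cert_count() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

build_demo_pfx() {  # $1 = work directory, $2 = PFX password
  # Throwaway CA standing in for the real intermediate/root CA.
  openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Demo CA" -days 1 \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
  # CSR as in the post; -subj only skips the interactive prompts.
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=*.example.test" \
    -keyout "$1/site.key" -out "$1/site.csr" 2>/dev/null &&
  same_pubkey key "$1/site.key" csr "$1/site.csr" &&
  # The CA signs the CSR; site.crt plays the role of the post's public.key.
  openssl x509 -req -in "$1/site.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/site.crt" 2>/dev/null &&
  # Catch a key/certificate mix-up before packaging.
  same_pubkey key "$1/site.key" cert "$1/site.crt" &&
  openssl pkcs12 -export -in "$1/site.crt" -certfile "$1/ca.crt" \
    -inkey "$1/site.key" -passout "pass:$2" -out "$1/site.pfx"
}

work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT
build_demo_pfx "$work" constructed-demo-pass &&
  echo "certificates in PFX: $(pfx_cert_count "$work/site.pfx" constructed-demo-pass)"
```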

ClearPass and SQL Database Authentication Source

When writing queries that check for a MAC address in a table, choosing the correct filter variable can be confusing, because it depends on the format in which the MAC address is stored in the table. Here are a few options:

  • %{Authentication:Username}
  • %{Connection:Client-Mac-Address}
  • %{Connection:Client-Mac-Address-NoDelim}
  • %{Connection:Client-Mac-Address-Hyphen}
  • %{Connection:Client-Mac-Address-Dot}
  • %{Connection:Client-Mac-Address-Upper-Hyphen}

Example SQL Server Query

Select top 1 mac from clientmac where mac = '%{Authentication:Username}' or mac = '%{Connection:Client-Mac-Address}'

In the enforcement policy, using an exists comparison should be sufficient, although most official examples add another rule to compare the returned value from the query.