In this tutorial, you will learn how to install an SSL certificate on Aruba ClearPass Policy Manager (CPPM). ClearPass is a network access control appliance, so the entire process is handled in the web admin console. There are almost no shell commands.
Generate a CSR code on Aruba ClearPass
If you’ve already generated the CSR elsewhere and received the certificate from your CA, skip part one and jump straight to the installation steps.
When applying for an SSL certificate, one of the requirements is to create a CSR (Certificate Signing Request) code and submit it to the Certificate Authority (CA). The CSR is a block of encoded text containing your contact details, such as domain and company identity. Along with the CSR, you’ll also generate the private key, an essential part of the certificate that you’ll need during installation.
You have two options:
- Generate the CSR automatically using our CSR Generator.
- Follow our step-by-step tutorial on how to create the CSR on Aruba ClearPass.
Submit the CSR to the CA during your order. Once the CA validates your request and issues the certificate, continue with the installation below.
Install an SSL certificate on Aruba ClearPass
After the CA validates your request, it emails you the certificate files. Download the ZIP archive and extract its contents. You should have:
- The signed SSL certificate for your domain.
- The CA bundle containing the intermediate and root certificates.
- The private key (.pkey) you generated during CSR creation.
Step 1: Merge the certificates into one .pem file
ClearPass expects the full certificate chain in a single .pem file, in a specific order: your server (leaf) certificate first, then any intermediate certificate(s), and the root certificate last.
Open each certificate file in a plain-text editor such as Notepad, then copy and paste the blocks one after another into a new file with a .pem extension. The result should look like this:
-----BEGIN CERTIFICATE-----
(Your signed SSL certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Intermediate CA certificate)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Root CA certificate)
-----END CERTIFICATE-----
For this demonstration we’ll name the combined file full-cert.pem, but you can use any name you like. Keep the private key (.pkey) as a separate file. You’ll upload it alongside the certificate in the next step.
Tip: Make sure the intermediate and root certificates are present in ClearPass’s Certificate Trust List and enabled before you import the server certificate. ClearPass needs the full chain to validate correctly.
Step 2: Import the certificate and private key
- Sign in to your Aruba ClearPass Policy Manager admin console.
- Go to Administration > Certificates > Certificate Store. (On older ClearPass builds the path is Administration > Certificate > Server Certificate.)
- At the top of the page, select the Server (the ClearPass node you’re updating) and set Usage (Type) to HTTPS Server Certificate. Choose RADIUS Server Certificate instead if you’re securing RADIUS/EAP authentication.
- Click Import Certificate on the right.
- In the import dialog, select Upload Certificate and Private Key Files.
- Certificate File: click Choose File and select your combined full-cert.pem.
- Private Key File: click Choose File and select the .pkey file you created during CSR generation.
- Private Key Password: enter the password (passphrase) for your private key.
- Click Import.
ClearPass installs the certificate and binds it to the selected service. Replacing the HTTPS Server Certificate restarts the web service, so the admin and captive-portal pages may be briefly unavailable while the new certificate takes effect.
Prefer a single file? ClearPass also accepts a PKCS#12 bundle. Convert your certificate chain and private key into a .pfx file, then in the import dialog choose Upload PKCS#12 Certificate (.pfx or .p12 only) and supply the passphrase. The PEM-plus-key method above works just as well, so this is optional. Pick whichever you have on hand.
Congratulations, you’ve successfully installed an SSL certificate on Aruba ClearPass.
Test your SSL installation
After installing the certificate, run a thorough check of your SSL configuration. Open the ClearPass management URL in a browser and confirm the padlock shows a valid, trusted certificate with the correct domain and expiry date. For a deeper scan, our SSL Checker deliver instant reports that help you spot any chain or configuration issues, so you can keep your certificate up and running.
Where to buy the best SSL certificate for Aruba ClearPass?
If you’re looking for affordable SSL certificates, you’ve come to the right vendor. SSL Dragon’s intuitive, user-friendly website walks you through our entire range of SSL products. All our certificates are signed by trusted Certificate Authorities and are fully compatible with Aruba ClearPass.
Frequently Asked Questions
In the ClearPass Policy Manager admin console, go to Administration > Certificates > Certificate Store. Select the target Server and set Usage to HTTPS Server Certificate (or RADIUS Server Certificate), then use Import Certificate to upload your certificate and private key. On older builds the menu is Administration > Certificate > Server Certificate.
ClearPass accepts a PEM certificate file uploaded together with a separate private key, or a combined PKCS#12 bundle (.pfx or .p12). With the PEM method, place the full chain in one file: server certificate first, intermediates next, root last.
No. Converting to .pfx is optional. ClearPass can import a plain .pem chain together with your .pkey private key directly. Only create a .pfx if you prefer to upload a single PKCS#12 file that already contains both the certificate and the key.
Always lead with your server (leaf) certificate, followed by any intermediate certificate(s), and finish with the root certificate. The wrong order is the most common cause of an incomplete or untrusted chain on ClearPass.
Replacing the HTTPS Server Certificate restarts the ClearPass web service, so the admin interface and captive portal may be unreachable for a short time. Schedule the change during a maintenance window if uptime is critical.
Open the ClearPass management URL in a browser and verify the padlock shows a valid, trusted certificate with the correct hostname and expiry date. For a full external scan of the chain and configuration, run the address through our SSL checker.
Bottom line
Installing an SSL certificate on Aruba ClearPass comes down to merging your certificate chain into one .pem file (leaf first, root last), then importing it with your private key under Administration > Certificates > Certificate Store with the Usage set to HTTPS Server Certificate. Need a certificate first? Browse our SSL certificates.
Save 10% on SSL Certificates when ordering from SSL Dragon today!
Fast issuance, strong encryption, 99.99% browser trust, dedicated support, and 25-day money-back guarantee. Coupon code: SAVE10


