Hi folks
I have a weird one. Background first for context
I upgraded our clearpass servers (1 publisher, 1 subscriber) to 6.9.4 from 6.8.x using the publisher first, then subscriber. The plan we used was upgrade publisher to 6.9.0 and restart it - then upgrade subscriber to 6.9.0. After they were both upgraded we'd repeat so they were both to 6.9.4. However, when the subscriber upgraded - it lost it's configuration and attempts to rejoin it to the cluster failed with lock errors on the publisher. Upgrading them both separately allowed me to rejoin the subscriber to the publisher.
While attempting to clean up I tried to add the RADIUS certificate back to the subscriber - by exporting the one from the publisher and importing it (p12 format). When importing it I get the error "Certificate "OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US" in Trust List must have usage as "EAP"."
Any ideas on how to fix this? It fails if the subscriber is in the cluster or not. We'll be replacing the certificate in a few months anyway so if we have to get a different type then I'd rather know sooner rather than later. The Certificate (if it isn't obvious) is a trusted one from godaddy. I've not seen anything about certificate changes in change logs etc (but I could have easily missed it).
Thanks
------------------------------
Alan Wright
------------------------------