https://community.cisco.com/t5/network-security/nac-framework-deployment/m-p/696205#M806718 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>CTA 802.1x supplicant uses only EAP-FAST.</P><P></P><P>So On the client you need to either uncheck "validate server certificate" on take the ACS Certificate/Root certificate of the CA Server and add it in the store. To add in the store use :-</P><P></P><P>ctacert /ui 5 /add "path to certificate" /store "root"</P><P></P><P>Regards,</P><P>Vivek</P></BODY></HTML> Mon, 05 Mar 2007 14:46:19 GMT Vivek Santuka 2007-03-05T14:46:19Z https://community.cisco.com/t5/network-security/nac-framework-deployment/m-p/696204#M806717 <P>Hi All,</P><P></P><P>I have a problem with the NAC deployment.</P><P>Currently i try to setup the lab for deploy 802.1x solution. </P><P>I have follow the step configure the NAD (switch), ACS,....but i still receive the error message that mention i don't have certificate in personal store as credential for authentication.</P><P></P><P>Anyone can help? </P><P></P><P> </P><P></P> Fri, 21 Feb 2020 09:26:04 GMT https://community.cisco.com/t5/network-security/nac-framework-deployment/m-p/696204#M806717 chenyokechuan 2020-02-21T09:26:04Z https://community.cisco.com/t5/network-security/nac-framework-deployment/m-p/696205#M806718 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>CTA 802.1x supplicant uses only EAP-FAST.</P><P></P><P>So On the client you need to either uncheck "validate server certificate" on take the ACS Certificate/Root certificate of the CA Server and add it in the store. To add in the store use :-</P><P></P><P>ctacert /ui 5 /add "path to certificate" /store "root"</P><P></P><P>Regards,</P><P>Vivek</P></BODY></HTML> Mon, 05 Mar 2007 14:46:19 GMT https://community.cisco.com/t5/network-security/nac-framework-deployment/m-p/696205#M806718 Vivek Santuka 2007-03-05T14:46:19Z https://community.cisco.com/t5/network-security/nac-framework-deployment/m-p/696206#M806719 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Thanks for help, may i know how to disable "validate server certificate" on the CTA agent? For the CA, it is MUST be a root CA? if i plan to test it on lab environment, can i setup a standalone/standard CA?</P><P></P><P>Thanks</P><P>Chen</P></BODY></HTML> Tue, 06 Mar 2007 01:02:47 GMT https://community.cisco.com/t5/network-security/nac-framework-deployment/m-p/696206#M806719 chenyokechuan 2007-03-06T01:02:47Z https://community.cisco.com/t5/network-security/nac-framework-deployment/m-p/696207#M806720 <HTML><HEAD></HEAD><BODY><P>Chen,</P><P></P><P>You can setup a standalone CA or even use the self signed certificate from ACS.</P><P></P><P>Regards,</P><P>Vivek</P></BODY></HTML> Tue, 06 Mar 2007 13:26:49 GMT https://community.cisco.com/t5/network-security/nac-framework-deployment/m-p/696207#M806720 Vivek Santuka 2007-03-06T13:26:49Z https://community.cisco.com/t5/network-security/nac-framework-deployment/m-p/696208#M806721 <HTML><HEAD></HEAD><BODY><P>Hi Vivek,</P><P></P><P>Thanks a lot, i will try it.</P><P></P><P>Thanks</P><P>Chen</P></BODY></HTML> Tue, 06 Mar 2007 14:47:49 GMT https://community.cisco.com/t5/network-security/nac-framework-deployment/m-p/696208#M806721 chenyokechuan 2007-03-06T14:47:49Z