https://community.cisco.com/t5/network-security/how-many-cca-nac-ssl-ca-certificates-needed/m-p/1120399#M809020 <HTML><HEAD></HEAD><BODY><P>You will require one CA cert for the NAM pair and one for the NAS pair (thats 2 in total), you need to genetare the cert request with a FQDN that maps to your service ip address on your internal DNS srv, the Cert authority will not accept a cert request with a IP address.</P></BODY></HTML> Mon, 02 Mar 2009 09:41:13 GMT gabrielbryson 2009-03-02T09:41:13Z https://community.cisco.com/t5/network-security/how-many-cca-nac-ssl-ca-certificates-needed/m-p/1120397#M809016 <P>I have CAM and CAS failover bundle. 2 CAM and 2 CAS. I am purchasing a third-party Trusted CA. How many certificates will I need to purchase? </P><P></P><P>Do I need 1 cert for all the servers, 1 per F/O bundle, or 1 cert per server?</P><P></P><P>And can I use a private IP to generate the cert and not a domain? Because when I test the CSR on Thawte it shown invalid domain.</P> Fri, 21 Feb 2020 11:00:54 GMT https://community.cisco.com/t5/network-security/how-many-cca-nac-ssl-ca-certificates-needed/m-p/1120397#M809016 khary 2020-02-21T11:00:54Z https://community.cisco.com/t5/network-security/how-many-cca-nac-ssl-ca-certificates-needed/m-p/1120398#M809018 <HTML><HEAD></HEAD><BODY><P>We have a failover bundle for our CAS servers and only use 1 cert (on the shared address) for the bundle but you need a separate one for the cam.</P><P></P><P>I guess you will need 2 certs one cam and one cas.</P></BODY></HTML> Sun, 21 Sep 2008 00:27:25 GMT https://community.cisco.com/t5/network-security/how-many-cca-nac-ssl-ca-certificates-needed/m-p/1120398#M809018 Peter Yardley 2008-09-21T00:27:25Z https://community.cisco.com/t5/network-security/how-many-cca-nac-ssl-ca-certificates-needed/m-p/1120399#M809020 <HTML><HEAD></HEAD><BODY><P>You will require one CA cert for the NAM pair and one for the NAS pair (thats 2 in total), you need to genetare the cert request with a FQDN that maps to your service ip address on your internal DNS srv, the Cert authority will not accept a cert request with a IP address.</P></BODY></HTML> Mon, 02 Mar 2009 09:41:13 GMT https://community.cisco.com/t5/network-security/how-many-cca-nac-ssl-ca-certificates-needed/m-p/1120399#M809020 gabrielbryson 2009-03-02T09:41:13Z https://community.cisco.com/t5/network-security/how-many-cca-nac-ssl-ca-certificates-needed/m-p/1120400#M809022 <HTML><HEAD></HEAD><BODY><P>i've seen cert vendors issue certs for ip addresses.</P></BODY></HTML> Wed, 04 Mar 2009 14:35:33 GMT https://community.cisco.com/t5/network-security/how-many-cca-nac-ssl-ca-certificates-needed/m-p/1120400#M809022 srue 2009-03-04T14:35:33Z https://community.cisco.com/t5/network-security/how-many-cca-nac-ssl-ca-certificates-needed/m-p/1120401#M809024 <HTML><HEAD></HEAD><BODY><P>We have 2 CAS (not failover)&amp; 1 CAM.. As for uswer experience - it is only necessary to implement cert on CAS... The CAM cert - nobody will ever be affected expect engineering staff. Not a big deal</P></BODY></HTML> Wed, 04 Mar 2009 21:15:25 GMT https://community.cisco.com/t5/network-security/how-many-cca-nac-ssl-ca-certificates-needed/m-p/1120401#M809024 nagel 2009-03-04T21:15:25Z https://community.cisco.com/t5/network-security/how-many-cca-nac-ssl-ca-certificates-needed/m-p/1120402#M809025 <HTML><HEAD></HEAD><BODY><P>yes, with 2 cas servers (no HA) you need 2 certs....</P><P>any 3rd party cert installed on the cam is *mostly* for convenience.</P></BODY></HTML> Wed, 04 Mar 2009 23:54:35 GMT https://community.cisco.com/t5/network-security/how-many-cca-nac-ssl-ca-certificates-needed/m-p/1120402#M809025 srue 2009-03-04T23:54:35Z