https://community.cisco.com/t5/network-security/self-signed-certificate-for-cca-nac-cam/m-p/1131605#M809052 <HTML><HEAD></HEAD><BODY><P>Got my cert to work after fixing my other problem.</P><P></P><P>The other problem was a single space after -----End Certificate-----</P><P>in the cert I bought for the CAS.</P><P></P><P>My formulae for creating a self signed cert was</P><P></P><P># Create a private key and certificate request # for your own CA:</P><P>openssl req -new -newkey rsa:2048 -out ca.csr -keyout ca.key</P><P></P><P># Create your CA's self-signed certificate</P><P># Set the days to 3650 so it will last 10 years</P><P>openssl x509 -trustout -signkey ca.key -days 3650 -req -in ca.csr -out ca.pem</P><P></P><P>#edit ca.pem so that the strings</P><P>#"TRUSTED CERTIFICATE" read "CERTIFICATE"</P><P></P><P># Generate a key for the server Cert</P><P>openssl genrsa -out server.key 2048</P><P># Generate a cert signing request for the server</P><P>openssl req -new -key server.key -out server.csr</P><P># Sign the request using your CA</P><P># ca.srl contains something like 02</P><P>openssl x509 -req -in server.csr -CA ca.pem -days 3650 -CAkey ca.key -CAserial ca.srl -out server.pem</P><P></P><P></P><P>You prolly want to edit your openssl.cnf first and fill in some of the defaults.</P></BODY></HTML> Fri, 17 Oct 2008 03:41:08 GMT Peter Yardley 2008-10-17T03:41:08Z https://community.cisco.com/t5/network-security/self-signed-certificate-for-cca-nac-cam/m-p/1131601#M809033 <P>Hi,</P><P></P><P>I recently upgraded my CCA servers to 4.1.6 and it wants me to replace the temporary cert on the CAM. I have replaced it with a cert I have signed with my CA and uploaded my CA Cert into the CAM and the CAS.</P><P></P><P>The CAM is happy, and my web browser will verify the cert, however I can't get communication with between the CAM and CAS to work. Anyone had any luck with this?</P> Fri, 21 Feb 2020 11:01:01 GMT https://community.cisco.com/t5/network-security/self-signed-certificate-for-cca-nac-cam/m-p/1131601#M809033 Peter Yardley 2020-02-21T11:01:01Z https://community.cisco.com/t5/network-security/self-signed-certificate-for-cca-nac-cam/m-p/1131602#M809035 <HTML><HEAD></HEAD><BODY><P>Hi Peter,</P><P></P><P>Are your CAS certs signed by the CA too? Is there anything in the CAM log about certificate errors?</P><P></P><P>Cheers,</P></BODY></HTML> Mon, 22 Sep 2008 06:44:56 GMT https://community.cisco.com/t5/network-security/self-signed-certificate-for-cca-nac-cam/m-p/1131602#M809035 cleidh_mor 2008-09-22T06:44:56Z https://community.cisco.com/t5/network-security/self-signed-certificate-for-cca-nac-cam/m-p/1131603#M809037 <HTML><HEAD></HEAD><BODY><P>Hi, </P><P></P><P>Yes I had loaded my CA cert into NAC as a CA Authority but I found another problem, to do with upgrading to 4.1.6, which is probably giving me grief and I'm waiting for the TAC to solve that one before I try again.</P></BODY></HTML> Tue, 23 Sep 2008 03:44:54 GMT https://community.cisco.com/t5/network-security/self-signed-certificate-for-cca-nac-cam/m-p/1131603#M809037 Peter Yardley 2008-09-23T03:44:54Z https://community.cisco.com/t5/network-security/self-signed-certificate-for-cca-nac-cam/m-p/1131604#M809049 <HTML><HEAD></HEAD><BODY><P>Did you find the solution for it.</P><P></P><P>I am also looking for it it is really a pain to first produce Certificates from any CA server then do this.</P><P></P><P></P><P></P></BODY></HTML> Tue, 07 Oct 2008 04:26:00 GMT https://community.cisco.com/t5/network-security/self-signed-certificate-for-cca-nac-cam/m-p/1131604#M809049 nasim_nasri 2008-10-07T04:26:00Z https://community.cisco.com/t5/network-security/self-signed-certificate-for-cca-nac-cam/m-p/1131605#M809052 <HTML><HEAD></HEAD><BODY><P>Got my cert to work after fixing my other problem.</P><P></P><P>The other problem was a single space after -----End Certificate-----</P><P>in the cert I bought for the CAS.</P><P></P><P>My formulae for creating a self signed cert was</P><P></P><P># Create a private key and certificate request # for your own CA:</P><P>openssl req -new -newkey rsa:2048 -out ca.csr -keyout ca.key</P><P></P><P># Create your CA's self-signed certificate</P><P># Set the days to 3650 so it will last 10 years</P><P>openssl x509 -trustout -signkey ca.key -days 3650 -req -in ca.csr -out ca.pem</P><P></P><P>#edit ca.pem so that the strings</P><P>#"TRUSTED CERTIFICATE" read "CERTIFICATE"</P><P></P><P># Generate a key for the server Cert</P><P>openssl genrsa -out server.key 2048</P><P># Generate a cert signing request for the server</P><P>openssl req -new -key server.key -out server.csr</P><P># Sign the request using your CA</P><P># ca.srl contains something like 02</P><P>openssl x509 -req -in server.csr -CA ca.pem -days 3650 -CAkey ca.key -CAserial ca.srl -out server.pem</P><P></P><P></P><P>You prolly want to edit your openssl.cnf first and fill in some of the defaults.</P></BODY></HTML> Fri, 17 Oct 2008 03:41:08 GMT https://community.cisco.com/t5/network-security/self-signed-certificate-for-cca-nac-cam/m-p/1131605#M809052 Peter Yardley 2008-10-17T03:41:08Z