
3rd parties Cert import to NAC, CAM

russkwong
Level 1

I generated the cert request from the NAC CAM and gave the file to the customer. The customer then gave me back several files, including "CAM.key, CAM.crt and CAM_DigiCertCA.crt".

When I import it to the NAC, it fails and I get the message "Must include end entity certificate .."

What is the problem? Am I missing any step?

7 Replies

Faisal Sehbai
Level 7

What file are you trying to import into the CAM? Can you just double click on the CAM.crt file and verify that it is indeed the identity cert?

Faisal

tprendergast
Level 3

It looks like you have a chained cert and need to build a single certificate file from this. Review these docs and you should be good to go:

http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/461/cam/m_admin.html#wp1078189

Which should tell you to look at:

http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/461/cam/m_admin.html#wp1040438

Hope that helps.

I combined the "Key", "Cert" and "CA Cert" into a .pem and imported it to the NAC Manager, and got the following message:

"Must include end entity certificate .."

What is the "end entity certificate"?

Try to combine (concatenate) only the private key and the certificate of the CAS (using notepad).

The CA Certificate should be imported first in the Trusted Certificate Authorities menu.

The "End entity certificate" is the actual certificate you got for your CAS. Depending on the version of CCA you have, you'll have to either import just that cert, or in newer versions (4.5 or 4.6) you'll have to combine the private key and the cert and upload that.

If all this is still unclear, best open a TAC case and let an engineer take a look at what you have.

HTH,

Faisal

I cannot find any document about combining crt to pem. I tried to combine them using the method for the WLC and using openssl, but got another error message: "encounterd error while reading private key from uploaded file ... DER length more then 4 bytes."

Is there any useful link or steps I can reference?

Russ,

No tool needed for that. Just open your cert in notepad, open your key in notepad, and copy/paste both the files in a new file.

Call it cert.pem. Import that.

HTH,

Faisal
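
A pre-upload sanity check for a cert.pem assembled by hand as described in the thread, added here as an example; it is not part of any post and not Cisco tooling. It checks only text encoding and PEM/DER structure of a key-plus-certificate bundle, and treats an encrypted key as a finding (an assumption: the thread does not say what the CAM accepts); `check_bundle` and `der_length_ok` are hypothetical names.

```python
import base64
import re

# Matches one PEM block; tolerates Windows (CRLF) line endings from Notepad.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def der_length_ok(der: bytes) -> bool:
    """True if der is a single SEQUENCE whose length field spans the blob."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                       # short form: length in one octet
        return 2 + first == len(der)
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or n > 4 or len(der) < 2 + n:  # 4-octet cap, as in the quoted error
        return False
    return 2 + n + int.from_bytes(der[2:2 + n], "big") == len(der)

def check_bundle(raw: bytes) -> list:
    """Return structural problems in a key+cert PEM bundle (empty list = OK)."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")) or b"\x00" in raw:
        return ["file is UTF-16; re-save as ANSI/ASCII"]
    problems = []
    if raw.startswith(b"\xef\xbb\xbf"):
        problems.append("UTF-8 BOM before the first BEGIN line")
        raw = raw[3:]
    text = raw.decode("ascii", errors="replace")
    blocks = PEM_BLOCK.findall(text)
    labels = [label for label, _ in blocks]
    n_keys = sum(label.endswith("PRIVATE KEY") for label in labels)
    if n_keys != 1:
        problems.append(f"expected 1 private key block, found {n_keys}")
    if "CERTIFICATE" not in labels:
        problems.append("no CERTIFICATE block")
    for label, body in blocks:
        if label.startswith("ENCRYPTED") or "Proc-Type:" in body:
            problems.append(f"{label}: key is passphrase-encrypted")
            continue
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append(f"{label}: body is not valid base64")
            continue
        if not der_length_ok(der):
            problems.append(f"{label}: DER length does not match content")
    return problems
```

Run it as `check_bundle(open("cert.pem", "rb").read())`; it does not verify that the key matches the certificate or that the certificate is the end-entity one rather than the CA's.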
