12-15-2009 08:28 AM - edited 02-21-2020 03:49 AM
Hello there,
I'm using an internal CA (Microsoft Win 2003 CA) to provide SSL certificates to NAC. The problem is that end users are still getting warnings on login to the network, the same way as when I was using the Perfigo certificate. I've tried to install the server certificate on the clients, but the CA still seems to be untrusted. Does this mean that I have to buy certificates from trusted authorities like Verisign, or is there still something I can do to my CA? Please help.
regards,
Stanslaus.
12-15-2009 10:06 AM
Stanslaus,
You need to take the Root certificate and install that on the clients.
HTH,
Faisal
12-15-2009 10:27 AM
Hi Faisal,
Thanks for your reply. See the attachment. When on clients I click on "To trust certificates issued from this certification authority, install this CA certificate." I'm not very good at setting up PKI. How do I get and install the root certificate? My CA is a Standalone Root CA.
Thanks.
Stanslaus.
12-15-2009 10:37 AM
Stanslaus,
If you click on that link, does it tell you to download a cert?
If so, take that file to the client and double click on it. It should install in the correct store automatically.
HTH,
Faisal
01-19-2010 12:04 AM
Hi Faisal,
Happy New Year 2010!!
I was on leave and had no time to work on this.
Thanks for your assistance. I had two warnings: one was that "The Certificate was not from a trusted authority" (resolved by your last reply) and the other says that "The Certificate does not match the site you are viewing". This is still persisting. Please let me know if you know the reason.
regards,
Stanslaus.
01-23-2010 08:22 PM
Stanslaus,
The second problem will come up if you're trying to access the device in question with a name that is different than what the cert says the name should be. For example, if your CAS is named cas1.abc.com and you try to access it with a URL consisting of the IP address for that CAS, you will see that message. Ensure that the CN you have for the certificate is what you're using to access the CAS and you shouldn't see that problem.
HTH,
Faisal
01-24-2010 09:59 AM
Thanks Faisal,
At the beginning I created certificate requests using the FQDNs of the appliances as CN. Although I could access the appliances using FQDNs, for some reason CAS was redirecting using the IP address. I've recreated the certificates using IPs as CNs and now it is working fine. Thank you very much for your support.
regards,
Stanslaus.
02-22-2010 08:41 AM
Hello. Could you help on how you managed to get the Microsoft CA to issue certificates for NAC? I'm having trouble installing them in NAC and am not sure that I am requesting them correctly.
Thanks
Victor
02-26-2010 04:53 AM
Hi Victor,
What error are you getting during the certificate import? You need to create an X509 Certification Request (for CAS and also for CAM) under the SSL certificate section. Export the request (remember to select the Private Key also during the export of the request).
Then follow the steps in the following link:
http://technet.microsoft.com/en-us/library/cc736590%28WS.10%29.aspx
After getting the certificate follow steps to import the certificate outlined in the NAC configuration Guide.
regards,
Stanslaus.
02-26-2010 06:35 AM
Hello
I have managed to solve the problem. I had to convert the certificates supplied by the Microsoft CA from DER to PEM.
Victor
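The DER-to-PEM conversion mentioned in the last post, as an added example that is not part of the original thread or of any Cisco or Microsoft tooling: it accepts a certificate file in either encoding, checks that the DER framing matches the file size, and returns PEM text. The function names and the sample bytes are constructed for illustration.

```python
import base64

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"

# Constructed sample: a 260-byte DER SEQUENCE with zero filler, not a real certificate.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(256)


def der_total_length(data: bytes) -> int:
    """Size the outer DER SEQUENCE claims for itself (header + content)."""
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("does not start with a DER SEQUENCE tag (0x30)")
    first = data[1]
    if first < 0x80:                      # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        raise ValueError("unsupported or truncated DER length field")
    return 2 + n + int.from_bytes(data[2:2 + n], "big")


def pem_to_der(text: str) -> bytes:
    """Strip the PEM armor and decode the Base64 body."""
    body = text.strip()
    if not (body.startswith(PEM_HEADER) and body.endswith(PEM_FOOTER)):
        raise ValueError("missing PEM certificate header or footer")
    b64 = "".join(body[len(PEM_HEADER):-len(PEM_FOOTER)].split())
    return base64.b64decode(b64, validate=True)


def to_pem(data: bytes) -> str:
    """Return PEM text for a certificate file that is either DER or PEM."""
    stripped = data.strip()
    if stripped.startswith(PEM_HEADER.encode()):
        der = pem_to_der(stripped.decode("ascii"))
    else:
        der = data                        # binary DER: never strip raw bytes
    # Framing check only; the certificate fields are not parsed here.
    if der_total_length(der) != len(der):
        raise ValueError("DER length does not match file size")
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([PEM_HEADER, *lines, PEM_FOOTER]) + "\n"


if __name__ == "__main__":
    print(to_pem(SAMPLE_DER))
```

A file that fails the framing check is usually truncated or is not a single certificate, which is worth ruling out before retrying an import.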