Cisco NAC Guest server ssl certificate

MikeFulstow · ‎05-04-2011

I've just tried to install an SSL certificate from our internal issuing CA to overcome the certificate error when browsing to the NAC guest server. I can no longer browse to the NAC Guest server as there is a reported mismatch in the private key. Can someone please tell me how I can either replace the new certificate with the old one if it is backed up, using the CLI? Alternatively does anyone know how to generate a new localhost cert from the CLI?

Thanks in advance for your help,

Mike.

rgreville666 · ‎07-12-2011

To uplaod a private key follow this...

http://www.cisco.com/en/US/docs/security/nac/guestserver/configuration_guide/20/g_setup.html#wp1095977

If the private key and Cert don't match you will get numerous issues with the DB, I suggest disabling replication before doing any work relating to PKI.

Grev

MikeFulstow · ‎07-12-2011

Hi Grev,

Thanks for this. I ended up raising a TAC case and they directed me to this link. After getting the various cert locations and importing the cert it works fine from either CLI or GUI. If absolutely necessary you can use the openssl toolset to re-generage CSR but it's generally best to backup the original web server SSL cert before you start!

Thanks for the reply,

Mike.

vinmangal · ‎01-17-2019

Hi,

Could you guide me on how to renew existing SSL certificate on Cisco NGS.

Please confirm if following setps are correct

From the administration interface, select Server > SSL Setting

Create CSR

Download CSR

Upload new Certificate issue by CA team

Reboot server