NAC 4.7

adamgibs7
Level 6

Hello friends,

When I log in to NAC 4.7 I get this error:

Warning: Current end entity certificate has expired or is due to expire in less than 30 days.

Can anybody help me with this?

39 Replies

Well, you pointed out the right thing. Well, on the DNS we have entries like 192.168.55.1 to nam and 192.168.66.1 to nas,

so end users can ping nam and nas respectively with names and with IP addresses also.

If my cert is wrong, then how can 192.168.55.1 (nam) and 192.168.66.1 (nas) be connected?

I know something went wrong between NAS and NAM connectivity, but even before that, redirection was supposed to take place, right...

Yes, we still didn't put the NewCert.crt file (that was downloaded from NAM) in the user trusted root certificates... my friend has just done it, and we can only check tomorrow...


If you think we should not use nam or nas names, then I will regenerate the certs and use IPs instead of names...

Can you please read all of my points above and correct where I am wrong, please! That would be very kind of you... sir...

Kamran.

* I have imported the NAM (192.168.55.1) details in a .rar file and also the NAS (192.168.66.1) details as well.

* Do I have to import to users only the NAM NewCert.crt file? Right? It should be OK with this, right? Please confirm.

Faisel,

Can you please tell me what you mean by install it on CAS and then import it in the Trusted Certificate Store on CAM?

Generate CAS cert on CAS

- Save it on your local machine and then install it on the CAS using the CAS admin GUI

Reboot CAS

- Take the CAS cert and import it in the Trusted Certificate Store on the CAM. This is the second tab when you click on SSL in CAM GUI

Regards

Ahmed...

game123
Level 1

Well, another query is: while I play with certificates, will my configuration of nam and nas stay as it is or will it be deleted? Can you please confirm? I am running 4.7.2.

Well, following your idea, I tried to swap the name from nam to nas in the URL field and the page of Salaah Methanol, for authentication, came before me!

I think this is good, right?

Well, but how to fix it? I am too much perplexed since my cert has finally got "connected" and I tried the same procedure, then how come things went wrong?

Sir,

I have 1 NAM (192.168.55.1) appliance + 1 NAS (192.168.66.1) appliance.

I did the same openssl steps that you defined on both the boxes, and even got connected.

How is this redirection giving an error, and how do I fix it, sir... even after this page, I am not proceeding... so definitely something went wrong again in the certs.

Guide me please... I know it is difficult for you to give 1 man so much time, but really, I value it and I am lucky to get assistance from you like this...

?????

waiting...crossed fingers!

Sir,

If you can point out any of the screenshots that is wrong, please let me know...

If you pinpoint some errors or changes to be made, let me know... I have taken 3 screenshots of the SSL section of NAM and 2 screenshots of NAS.

I am sure if you can highlight the things that should look different or need change, I will be able to understand, since I have tried making openssl already so there will be no problem in commands, but I want to know the error... please see my attachment pictures... they are the latest screenshots!

My MGR IP : 192.168.55.1

My SVR IP : 192.168.66.1

Kamran ..... !

Kamran,

So from the screenshots it seems like on the CAM you have a certificate with the CN of NAS, and on the CAS you have a certificate installed with the CN of NAM.

Key question is if on the client you do an nslookup NAS, what IP is returned? If it's the IP of the NAM, then this is wrong. If it returns the IP of the NAS and you're still not getting redirected, then the problem lies somewhere else.

You're overly complicating this. The NAM cert should go on the NAM and in the Trusted Cert Store on the NAS. The NAS cert should go on the NAS, and the Trusted Cert Store on the NAM. NAS should resolve to NAS's IP, and NAM should resolve to NAM's IP. Currently you have it inverted.

Faisal
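
A small consistency check for the layout described in the reply above, as an added example that is not part of the original thread or of any Cisco tooling: each appliance's installed certificate CN should match the name that resolves to its IP, and each appliance should trust its peer's certificate. The function name, data structures and trust-store contents are constructed assumptions; only the names nam/nas and the two IPs come from the thread.

```python
# Added example. Observation data is constructed; only the names nam/nas and
# the two IP addresses are taken from the thread.

def check_pair(dns, installed_cn, trusted):
    """dns: name -> IP as resolved on a client.
    installed_cn: appliance IP -> CN of the certificate installed there.
    trusted: appliance IP -> set of CNs in its Trusted Certificate Store.
    Returns a list of findings (empty list means the layout is consistent)."""
    findings = []
    ip_to_name = {ip: name for name, ip in dns.items()}
    for ip, cn in installed_cn.items():
        expected = ip_to_name.get(ip)
        if expected is None:
            findings.append(f"{ip}: no DNS name resolves to this appliance")
        elif cn.lower() != expected.lower():
            findings.append(
                f"{ip}: certificate CN '{cn}' but DNS name is '{expected}' "
                f"('{cn}' resolves to {dns.get(cn.lower(), 'nothing')})")
        # Each appliance must trust the certificate installed on its peer.
        for peer_ip, peer_cn in installed_cn.items():
            if peer_ip != ip and peer_cn not in trusted.get(ip, set()):
                findings.append(
                    f"{ip}: peer certificate '{peer_cn}' not in trusted store")
    return findings

DNS = {"nam": "192.168.55.1", "nas": "192.168.66.1"}

# State described from the screenshots: the CNs are swapped between the boxes.
inverted = check_pair(
    DNS,
    installed_cn={"192.168.55.1": "nas", "192.168.66.1": "nam"},
    trusted={"192.168.55.1": {"nam"}, "192.168.66.1": {"nas"}},
)

# Layout the reply recommends: own cert installed, peer cert trusted.
fixed = check_pair(
    DNS,
    installed_cn={"192.168.55.1": "nam", "192.168.66.1": "nas"},
    trusted={"192.168.55.1": {"nas"}, "192.168.66.1": {"nam"}},
)

if __name__ == "__main__":
    for line in inverted:
        print("FINDING:", line)
    print("fixed layout findings:", fixed)
```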

U rock !

LOOKS GREAT NOW! CONFIGS ALSO STAYED... and even AGENT now downloading... I WILL CONTINUE TRYING FOR 1 MORE DAY AND UPDATE YOU...

Kindly see the attachment, I am getting the certificate yes/no pop-up on client machines... which cert shall I push through AD 2008 GPO?

NAS CERT or NAM CERT ?

Please do reply... awaiting!

Kamran,

The NAS cert, or in your case, whatever cert you have installed on your NAS (since you had a cert called NAM installed on the NAS)

HTH,

Faisal

I have exported x.509 cert chain.pem from NAS and given it to Shoaib (customer administrator on site) to push it via 2008 AD GPO to users; he will let me know soon. Thanks for the tip!

Well, my CCIE lab exam is in Sept 2010.
