NAC Guest Server - Adding Digital Certificate

j-mccarthy
Level 1

Hi

I have a NAC Guest Server 2.0.1 and I don't want the clients to get a warning message when they connect to the site, so I obtained a cert file from the customer's internal CA.

The signed cert is in .pem format. The customer's security dudes were expecting me to have to enter a password when I applied the cert, however there is no option to do this when you upload the pem file via the GUI.

I got an error saying something like "the certificate does not match the private key", so I rebooted the server and voilà, the SSL service is broken. I had to restore the original self-signed cert from a backup to get SSL connections to the server working again.

So this is annoying me, how or where do I enter a password to get the CA signed certificate working?

http://www.cisco.com/en/US/products/ps6305/products_configuration_example09186a00809d50f4.shtml

This URL describes a process of combining the signed certificate from the CA with the private key to create the final cert using a password via the CLI.

Is this process applicable to the NAC Guest Server? Seems to me like there is something missing from the doco to get this working...
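The "certificate does not match the private key" error quoted above can be checked for before any upload. The following is an added example, not part of the original post and not a Cisco procedure: it assumes OpenSSL on a workstation that holds both PEM files, and the file names, subject and passphrase are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): check that a PEM certificate and a PEM
# private key share the same public key before uploading the certificate.

# Returns 0 = match, 1 = mismatch, 2 = certificate unreadable,
# 3 = key unreadable (for example a wrong or missing passphrase).
cert_matches_key() {
    local cert="$1" key="$2" passin="${3:-pass:}"   # empty default: never prompt
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -passin "$passin" -pubout 2>/dev/null) || return 3
    [ "$cert_pub" = "$key_pub" ]
}

# Constructed sample material: two throwaway RSA keys, a self-signed
# certificate for key A, and a passphrase-protected copy of key A.
make_demo_files() {
    local d
    d=$(mktemp -d)
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$d/a.key" 2>/dev/null
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$d/b.key" 2>/dev/null
    openssl req -new -x509 -key "$d/a.key" -subj "/CN=guest.example.test" \
        -days 1 -out "$d/a.crt" 2>/dev/null
    openssl pkey -in "$d/a.key" -aes256 -passout pass:constructed-demo \
        -out "$d/a.enc.key" 2>/dev/null
    echo "$d"
}

# Print a label together with the return code of cert_matches_key.
check() {
    local label="$1" rc=0
    shift
    cert_matches_key "$@" || rc=$?
    echo "$label: rc=$rc"
}

d=$(make_demo_files)
check "cert A / key A" "$d/a.crt" "$d/a.key"
check "cert A / key B (wrong key)" "$d/a.crt" "$d/b.key"
check "cert A / encrypted key A, passphrase given" "$d/a.crt" "$d/a.enc.key" "pass:constructed-demo"
check "cert A / encrypted key A, no passphrase" "$d/a.crt" "$d/a.enc.key"
rm -rf "$d"
```

A passphrase, where one exists, protects the private key file rather than the signed certificate, which is why the third argument applies only to the key.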

Thomas Hontz Jr
Level 1

Did you ever figure this out?  I'm in the same boat, just uploaded a signed cert and broke SSL.  I have a TAC case opened but anything you found would be helpful.  Thanks.

No sorry, never got it to work and gave up on it.

When I rebooted the NGS that time and broke SSL, I had the box set to accept SSL connections only, so I couldn't even browse back into it.

However, there is a backup of the self-signed cert on the box itself in a different directory; you can get at it via ssh. I logged in via ssh, found the backup cert, copied it over the cert I uploaded and rebooted. Then I could browse into it again.

Lesson learnt - make sure you have HTTP enabled before you reboot the box with a new SSL cert. Save you a bit of grief.

I have the same issue. Can you please tell me where on the NAC Guest Server appliance the current imported and original self-signed certificates are stored please? Save me lots of time with find and grep :-)