12-08-2009 12:56 AM - edited 02-21-2020 03:49 AM
Hi
I have a NAC Guest Server 2.0.1 and I don't want the clients to get a warning message when they connect to the site, so I obtained a cert file from the customer's internal CA.
The signed cert is in .pem format. The customer's security dudes were expecting me to have to enter a password when I applied the cert, however there is no option to do this when you upload the pem file via the GUI.
I got an error saying something like "the certificate does not match the private key", so I rebooted the server and voilà, the SSL service is broken. I had to restore the original self-signed cert from a backup to get SSL connections to the server working again.
So this is annoying me, how or where do I enter a password to get the CA signed certificate working?
http://www.cisco.com/en/US/products/ps6305/products_configuration_example09186a00809d50f4.shtml
This URL describes a process of combining the signed certificate from the CA with the private key to create the final cert using a password via the CLI.
Is this process applicable to the NAC Guest Server? Seems to me like there is something missing from the doco to get this working...
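For the "certificate does not match the private key" error described in the post above, a pre-upload check run on a workstation with the OpenSSL command line, as an added example that is not part of any post in this thread and not Cisco's procedure. The function names, file names and the `KEY_PASS` variable are assumptions, and the demo files are constructed.

```shell
#!/usr/bin/env bash
# Added example: check that a signed certificate belongs to a private key
# before uploading it anywhere. All file names here are constructed.

# cert_matches_key CERT KEY
# Returns 0 when both hold the same public key, 1 when they differ,
# 2 when either file cannot be read (e.g. wrong passphrase in KEY_PASS).
cert_matches_key() {
    _cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    # The passphrase is taken from the KEY_PASS environment variable so it
    # never appears in the process list; it is ignored for unencrypted keys.
    _key_pub=$(KEY_PASS="${KEY_PASS:-}" openssl pkey -in "$2" \
        -passin env:KEY_PASS -pubout) || return 2
    [ "$_cert_pub" = "$_key_pub" ]
}

# make_demo_files DIR
# Builds constructed sample material: a passphrase-protected key, a
# self-signed certificate for it, and an unrelated second key.
make_demo_files() {
    KEY_PASS=demo-pass openssl genpkey -algorithm RSA \
        -pkeyopt rsa_keygen_bits:2048 -aes-256-cbc -pass env:KEY_PASS \
        -out "$1/server.key" 2>/dev/null &&
    KEY_PASS=demo-pass openssl req -new -x509 -key "$1/server.key" \
        -passin env:KEY_PASS -subj "/CN=guest.example.test" -days 1 \
        -out "$1/server.pem" 2>/dev/null &&
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/other.key" 2>/dev/null
}

# Run with --demo to see both outcomes on the constructed files.
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && make_demo_files "$d" || exit 2
    export KEY_PASS=demo-pass
    cert_matches_key "$d/server.pem" "$d/server.key" && echo "server.key: match"
    cert_matches_key "$d/server.pem" "$d/other.key" || echo "other.key: MISMATCH"
    rm -rf "$d"
fi
```

A mismatch result means the certificate was issued for a different key pair than the one being checked, for example a CSR generated somewhere other than where the key lives.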
07-21-2010 06:13 AM
Did you ever figure this out? I'm in the same boat, just uploaded a signed cert and broke SSL. I have a TAC case opened but anything you found would be helpful. Thanks.
07-21-2010 06:24 AM
No sorry, never got it to work and gave up on it.
When I rebooted the NGS that time and broke SSL I had the box set to accept SSL connections only, so I couldn't even browse back into it.
However, there is a backup of the self-signed cert on the box itself in a different directory; you can get at it via ssh. I logged in via ssh, found the backup cert, copied it over the cert I uploaded and rebooted. Then I could browse into it again.
Lesson learnt - make sure you have HTTP enabled before you reboot the box with a new SSL cert. Save you a bit of grief.
05-04-2011 05:43 PM
I have the same issue. Can you please tell me where on the NAC Guest Server appliance the current imported and original self-signed certificates are stored? Save me lots of time with find and grep :-)