
NAC 4.7

adamgibs7
Level 6

Hello friends,

When I log in to NAC 4.7 I get this error:

Warning: Current end entity certificate has expired or is due to expire in less than 30 days.

Can anybody help me with this?

39 Replies

Yes, I did the same. Is it wrong? Is it not correct?

Well, you can see the proof with my attached 2 screenshots:

You will see exactly how I have generated the certs! (I generated two certs, one on CAS and one on CAM respectively.) Please see the screenshots attached. You can see in the screenshot I have used CN: 192.168.66.1, which is my CAS IP, on the CAM box via SSH; similarly, I have used CN: 192.168.55.1, which is my CAM IP, on the CAS box via SSH access.

I have not used any email address or password and simply pressed Enter.

Now, in the GUI, I launched the browser with two tabs in Internet Explorer 8.0 and did the following:

On CAM (192.168.55.1):
======================

In X.509 section :-
--------------------
* Imported CAM generated cert in this section.

In Certificate Authority:- (second tab)
---------------------------------------

* Imported CAS generated cert in this section.


On CAS (192.168.66.1):
=======================

In X.509 section :-
-----------------
* Imported CAS generated cert in this section.

In Certificate Authority:- (second tab)
---------------------------------------

* Imported CAM generated cert in this section.


After all of the above, I physically rebooted both boxes, and it still shows "NOT CONNECTED"! I don't know where I went wrong...

Also, my old certs are not being removed or deleted, and it says they are in use! "Please see my previous post with old screenshots in it"

Kamran,

Try to generate the CAM cert on the CAM and the CAS cert on the CAS. I'm not sure why you're using the other box to generate the certs.

If this doesn't work for you, please get third party certs or use the GUI to generate certs.

Thanks,

Faisal

Well, sir, I have only used the CAS and CAM so far. There is no other box involved. The screenshots in my post are a CAS screenshot and a CAM screenshot showing the certs I generated. I used the same names; since both appliances are unique, I think naming won't affect it.

I will try to do the exercise again.

Just curious: "how can I disable the active certificate? It is not deleting and says it is in use", and time validity is yes!

????

thanks.

kamran !

Kamran,

You don't delete the existing certificate. When you import a new one, it replaces the old one. This is true for the X509 tab.

For the Trusted Certificate Store, remove the old CAS certificate from the CAM Trusted Certificate Store, and then re-import the new CAS cert in the CAM store. Likewise, remove all the old CAM certs from the CAS Trusted Certificate Store, and then import the CAM cert in the CAS's Trusted Certificate Store.

If all of this fails, then stick with the GUI option, since I'm not sure what you're doing wrong, and TAC won't be able to help you since this is an unsupported procedure to begin with.

HTH,

Faisal

OK, then I will try the whole process again.

Thanks for being there for me...

Kamran!

(I will update you after this, sir!)

Success!

I have got it this time. I don't know what I was doing wrong, but it rocks and works!

Thanks a billion, bro... keep in touch (by the way, Oman is not nowadays!)

Attached is proof of connected with openssl... the date and time are shown on the Windows 7 taskbar!

I AM FACING "a new problem now"

1> I have to update the GPO for users to use the NewCert.crt file, right? For the users to connect, right?

2> Does this solve the AD users? Since, as you know, we have AD integration for users...

Please let me know. NAC (CAS to CAM is showing connected now!)

Waiting for reply,

Kamran....

Well, I have got success between CAS and CAM, but now I have another issue:

I AM FACING "a new problem now"

1> I have to update the GPO for users to use the NewCert.crt file, right? For the users to connect, right?

2> Does this solve the AD users? Since, as you know, we have AD integration for users...

Please let me know. NAC (CAS to CAM is showing connected now!)

Waiting for reply,

Kamran....

Agent is not downloading... but CAM and CAS show connected!

I am facing agent downloading issues.

What happens is as follows:

When people open a browser, they go to 192.168.66.1, which is my CAS/NAS... it gives me the option to wait or select myself to redirect; in both cases it gives a page with nothing and reports a 500 HTTP error...

Attaching a screenshot.

I checked a few things and here is the error:

In the Windows title bar it says: HTTP 400 BAD REQUEST

In the URL window, the URL automatically redirects to: https://nam/auth/perfigo_weblogin.jsp?cm=ws32vklm&uri=http%3A%2F%2F192.168.66.1%2F

Please note that I have nam: 192.168.55.1 and nas: 192.168.66.1

Now nam and nas are connected, but the agent software is not downloading...

All of the following are working fine:

IP Filter: Started
DHCP Forward: Started
Active Directory SSO: Started

To add more info:

Here is what is happening:

1. CERT between CAS and CAM shows "Connected"

2. I can access both CAS and CAM through SSH and through the web.

Issues after CERT:

3. Agent software is not downloading (this is one thing I observed). I have no clue what I have to check or look for, since I only did the cert thing...

4. Those machines that already have the agent can go to the authentication page, but their username/password is not working with the local user database or with Active Directory.


What are the things I should look into? Please, I know you are an expert and can let me know the quick things to look for, sir! (By the way, my cert error of 30 days is gone, thanks to you), but I ran into another issue.

Anxiously waiting for you online...

Kamran ~

Kamran,

Did you reboot your devices after installing the certs?

Faisal

Sir,

I have rebooted both appliances remotely via an SSH session... twice today.

Moreover, the interesting thing is, when I locally go to CAM/NAM and go to the Auth Servers section, and take an auth test for local users and for AD users, it goes "successful" in blue color... but for real end users it is not working.

I have just now rebooted again; let us see...

Any additional settings you want me to see or look for?

TWO QUERIES:

============

* Right now we have not put the cert on the end users' machines; just testing with the local user account "testuser"

* Is it important that, for all users to authenticate or download the agent, the certificate must be installed on the end users' PCs?

Thanks, sir... waiting.

Kamran.

Kamran,

You're doing something wrong again. Why is the certificate named "NAM" on the CAS? Assuming that's just a mistake, can the end clients resolve NAM on their machines? When the redirect happens, it will try to resolve NAM and try to go to that page. So two things to confirm here:

- Can they resolve the name?

- Are they really supposed to be going to NAM?

Faisal
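
The two checks this thread turns on, the 30-day expiry warning and whether the host name in the redirect URL matches the name the certificate was issued for, as an added shell example that is not part of any post above. Function names and the generated sample certificate are constructed for illustration, and the `openssl` command-line tool is assumed to be installed.

```sh
#!/bin/sh
# Added example; sample certificates are generated here, not taken from the thread.

# make_sample_cert CN DAYS FILE -> writes a self-signed PEM cert (constructed input)
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=$1" -days "$2" \
        -keyout "$3.key" -out "$3" 2>/dev/null
}

# cert_cn FILE -> prints the subject CN of the certificate
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/^subject= *//; s/.*CN=\([^,]*\).*/\1/p'
}

# expires_within_days FILE DAYS -> succeeds if the cert expires within DAYS days
# (openssl -checkend exits 0 when the cert is still valid after that many seconds)
expires_within_days() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# redirect_host URL -> prints the host name a client is being redirected to
redirect_host() {
    printf '%s\n' "$1" | sed -E 's#^[a-zA-Z]+://([^/:?]+).*#\1#'
}

# check_redirect FILE URL -> succeeds only if the URL host equals the cert CN
check_redirect() {
    cn=$(cert_cn "$1"); host=$(redirect_host "$2")
    if [ "$cn" = "$host" ]; then
        echo "match: $host"
    else
        echo "mismatch: redirect goes to '$host', certificate CN is '$cn'"
        return 1
    fi
}

# Demo: a constructed cert named after the CAS IP with 10 days left, checked
# against the redirect URL quoted in the thread.
demo_dir=$(mktemp -d)
make_sample_cert 192.168.66.1 10 "$demo_dir/cas.pem"
expires_within_days "$demo_dir/cas.pem" 30 && echo "cas.pem expires in under 30 days"
check_redirect "$demo_dir/cas.pem" \
    'https://nam/auth/perfigo_weblogin.jsp?cm=ws32vklm&uri=http%3A%2F%2F192.168.66.1%2F' || true
```

Whether end clients can resolve that host name is a separate check to run from a client machine.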
