cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1254
Views
5
Helpful
4
Replies

Network Error: Clean Access Server could not establish a secure connection to Clean Access Manager at

jmanzur1683
Level 1
Level 1

Hi, this is my question.

I have this problem:

Network Error:
Clean Access Server could not establish a secure connection to Clean Access Manager at XXXXXXXX.
This could be due to one or more of the following reasons: 1) Clean  Access Manager certificate has expired 2) Clean Access Manager  certificate cannot be trusted or 3) Clean Access Manager cannot be  reached.
Please report this to your network administrator.

-The cam and cas are synchronized with the time

-There is comunication betwen cam and cas by ssh

-I can Control the cas by the cam

The problem is when the user try to connecto to the network.

Please, i need some help.

Regards.

4 Replies 4

jmanzur1683
Level 1
Level 1

resolved.

Thks

Hi Jorge

I have exactly the same problem.

Can you tell me how you solved the problem?

Thank's in advance

Eduardo

Hi  Eduardo.

Its important, that the cam and cas are  with the same time, well max 5 minutes of diference.

the cam can ping the cas and cas to cam.

you have to control the cas by the cam

Now you have to enter to the cas and regenerate the ssl certificate (Administration>CCA Manager>SSL>Generate Temporaly Certificate) but with the ip of the cam, later you have to reboot the cas, and wait until the cas be online by ping.

Next, you have to enter to the cam and regenerate the ssl certificate with the ip of the cam at (SSL>Generate Temporaly Certificate), and reboot the cam.

when you finished this steps you going to lose the control of cas by the cam.

next, export the certificate from the cam to the cas with te private key. And when you import the the certificate of the cam to the cas you can control the cas again by the cam.

Thanks for your answer

I verify that the time was right in the CAM and the CAS and all good up there

The NAC solution that I am implementing is in Failover. I have 2 CAS and 2 CAM.

For the CAM's I use this names camsrv1 and camsrv2. then  generate a CSR in the camsrv1 with the name camsrv3.mycompany.com corresponding  to virtual ip and it exported to camsrv2, Install the CA certificate of the company and everything works perfect.

This is the failover configuration

CAM:
Primary: 10.1.206.248 camsr1.mycompany.com
Secondary: 10.1.206.249 camsrv2.mycompany.com
Virtual: 10.1.206.250 camsrv3.mycompany.com

Then I do exactly the same steps for the CAS's and this is the failover configuration:

Primary: 10.1.216.248 cassr1.mycompany.com
Secondary: 10.1.216.249 cassrv2.mycompany.com
Virtual: 10.1.216.250 cassrv3.mycompany.com

Then I add the certificate of CAM in the CAS on the tab "Trusted Certificate Authorities"  and vice versa.

The communication between the CAM and CAS is correct. I can ping the IP and the FQDN and I can also manage the CAS through the CAM.

Appreciate your help

Eduardo Navas

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: