ā10-11-2010 01:25 PM - edited ā03-09-2019 11:12 PM
Hi, this is my question.
I have this problem:
Network Error:
Clean Access Server could not establish a secure connection to Clean Access Manager at XXXXXXXX.
This could be due to one or more of the following reasons: 1) Clean Access Manager certificate has expired 2) Clean Access Manager certificate cannot be trusted or 3) Clean Access Manager cannot be reached.
Please report this to your network administrator.
-The cam and cas are synchronized with the time
-There is comunication betwen cam and cas by ssh
-I can Control the cas by the cam
The problem is when the user try to connecto to the network.
Please, i need some help.
Regards.
ā10-11-2010 02:07 PM
resolved.
Thks
ā10-12-2010 01:49 PM
Hi Jorge
I have exactly the same problem.
Can you tell me how you solved the problem?
Thank's in advance
Eduardo
ā10-12-2010 03:03 PM
Hi Eduardo.
Its important, that the cam and cas are with the same time, well max 5 minutes of diference.
the cam can ping the cas and cas to cam.
you have to control the cas by the cam
Now you have to enter to the cas and regenerate the ssl certificate (Administration>CCA Manager>SSL>Generate Temporaly Certificate) but with the ip of the cam, later you have to reboot the cas, and wait until the cas be online by ping.
Next, you have to enter to the cam and regenerate the ssl certificate with the ip of the cam at (SSL>Generate Temporaly Certificate), and reboot the cam.
when you finished this steps you going to lose the control of cas by the cam.
next, export the certificate from the cam to the cas with te private key. And when you import the the certificate of the cam to the cas you can control the cas again by the cam.
ā10-12-2010 03:39 PM
Thanks for your answer
I verify that the time was right in the CAM and the CAS and all good up there
The NAC solution that I am implementing is in Failover. I have 2 CAS and 2 CAM.
For the CAM's I use this names camsrv1 and camsrv2. then generate a CSR in the camsrv1 with the name camsrv3.mycompany.com corresponding to virtual ip and it exported to camsrv2, Install the CA certificate of the company and everything works perfect.
This is the failover configuration
CAM:
Primary: 10.1.206.248 camsr1.mycompany.com
Secondary: 10.1.206.249 camsrv2.mycompany.com
Virtual: 10.1.206.250 camsrv3.mycompany.com
Then I do exactly the same steps for the CAS's and this is the failover configuration:
Primary: 10.1.216.248 cassr1.mycompany.com
Secondary: 10.1.216.249 cassrv2.mycompany.com
Virtual: 10.1.216.250 cassrv3.mycompany.com
Then I add the certificate of CAM in the CAS on the tab "Trusted Certificate Authorities" and vice versa.
The communication between the CAM and CAS is correct. I can ping the IP and the FQDN and I can also manage the CAS through the CAM.
Appreciate your help
Eduardo Navas
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide