
Self Signed Certificate for CCA (NAC) CAM

Peter Yardley
Level 1

Hi,

I recently upgraded my CCA servers to 4.1.6 and it wants me to replace the temporary cert on the CAM. I have replaced it with a cert I have signed with my CA and uploaded my CA Cert into the CAM and the CAS.

The CAM is happy, and my web browser will verify the cert, however I can't get communication between the CAM and CAS to work. Anyone had any luck with this?

4 Replies

cleidh_mor
Level 1

Hi Peter,

Are your CAS certs signed by the CA too? Is there anything in the CAM log about certificate errors?

Cheers,

Hi,

Yes I had loaded my CA cert into NAC as a CA Authority but I found another problem, to do with upgrading to 4.1.6, which is probably giving me grief and I'm waiting for the TAC to solve that one before I try again.

Did you find the solution for it?

I am also looking for it. It is really a pain to first produce certificates from any CA server and then do this.

Got my cert to work after fixing my other problem.

The other problem was a single space after -----End Certificate----- in the cert I bought for the CAS.

My formula for creating a self-signed cert was:

# Create a private key and certificate request for your own CA:

openssl req -new -newkey rsa:2048 -out ca.csr -keyout ca.key

# Create your CA's self-signed certificate

# Set the days to 3650 so it will last 10 years

openssl x509 -trustout -signkey ca.key -days 3650 -req -in ca.csr -out ca.pem

# Edit ca.pem so that the strings "TRUSTED CERTIFICATE" read "CERTIFICATE"

# Generate a key for the server Cert

openssl genrsa -out server.key 2048

# Generate a cert signing request for the server

openssl req -new -key server.key -out server.csr

# Sign the request using your CA

# ca.srl contains something like 02

openssl x509 -req -in server.csr -CA ca.pem -days 3650 -CAkey ca.key -CAserial ca.srl -out server.pem

You prolly want to edit your openssl.cnf first and fill in some of the defaults.
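
The trailing space after the END line described in the post above is easy to miss by eye, as is a leftover "TRUSTED CERTIFICATE" label from `-trustout`. The following lint is an added example, not part of the thread and not Cisco tooling; the function names and the sample certificate body are constructed for illustration, and it assumes boundary lines in the usual uppercase form.

```shell
#!/bin/sh
# Added example: lint PEM files before uploading them to an appliance.

# pem_lint FILE: print one finding per line; exit 0 if clean, 1 otherwise.
pem_lint() {
    awk '
        { line = $0 }
        # CR left over from a Windows editor or a copy/paste.
        sub(/\r$/, "", line)     { print NR ": CR (DOS) line ending"; bad = 1 }
        # Spaces or tabs at end of line, e.g. after the END boundary.
        sub(/[ \t]+$/, "", line) { print NR ": trailing whitespace"; bad = 1 }
        # openssl x509 -trustout writes this label instead of CERTIFICATE.
        line ~ /^-----(BEGIN|END) TRUSTED CERTIFICATE-----$/ {
            print NR ": TRUSTED CERTIFICATE label"; bad = 1 }
        # Boundaries are expected in the usual uppercase form.
        line ~ /^-----/ && line !~ /^-----(BEGIN|END) [A-Z0-9 ]+-----$/ {
            print NR ": malformed boundary line"; bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

# pem_strip FILE: write FILE to stdout without trailing whitespace or CRs.
pem_strip() {
    sed 's/[[:space:]]*$//' "$1"
}

# Constructed sample (placeholder body): END line followed by one space.
pem_sample() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE----- '
}

# Lint any files named on the command line, e.g.: sh pem_lint.sh server.pem
for f in "$@"; do
    pem_lint "$f" || echo "$f: clean up before upload"
done
```
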
