Clean Access Agent logging in to Random CAS

Unanswered Question
Jul 20th, 2009
User Badges:


We have configured NAC in L3 OOB out of band mode where enforcement is defined at Remote Router end. We have defined Discovery IP address from CAS untrusted interface (note that we have not configured Policy base Routing scenario)but most of the time user try to connect to other CAS though its not there in Discovery Host. e.g. if Discovery IP is then its logging in to . Even Cisco TAC is also not able to find the root cause. Can any pne help me out in this?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
amritpatek Mon, 07/27/2009 - 11:33
User Badges:
  • Silver, 250 points or more

Obtaining the Root Certificate from the CAS

Because Internet Explorer allows exporting of the CAS certificate, this section describes how to obtain the root certificate on a Windows system. Administrators can then transfer the certificate to their Mac via email as an attachment, FTP, or USB storage device.

There are three ways to retrieve the root certificate:

•Get the Root Certificate From the Mac OS X Agent Bundle

•Transfer the Root Certificate from Windows Using Internet Explorer

•Use Web Login to Get the Root Certificate

Get the Root Certificate From the Mac OS X Agent Bundle

Step 1 In the Finder, go to /Applications/

Step 2 Ctrl-click on the to display the context menu.

Step 3 Choose Show Package Contents and search for the "perfigoca.crt" certificate in the /Contents/Resources/ folder.

Step 4 Drag and drop the "perfigoca.crt" certificate to the keychain.


This Discussion