
CA problem with NAC

Hello there,

I'm using an internal CA (Microsoft Win 2003 CA) to provide SSL certificates to NAC. The problem is that end users are still getting warnings on login to the network, the same way as when I was using the Perfigo Certificate. I've tried to install the server certificate on clients but the CA still seems to be untrusted. Does this mean that I have to buy certificates from trusted authorities like Verisign, or is there still something I can do to my CA? Please help.

regards,

Stanslaus.


Faisal Sehbai

Stanslaus,

You need to take the Root certificate and install that on the clients.

HTH,

Faisal

Hi Faisal,

Thanks for your reply. See the attachment. When on clients I click on "To trust certificates issued from this certification authority, install this CA certificate." I'm not very good at setting up PKI. How do I get and install the root certificate? My CA is a Standalone Root CA.

Thanks.

Stanslaus.

Stanslaus,

If you click on that link, does it tell you to download a cert?

If so, take that file to the client and double click on it. It should install in the correct store automatically.

HTH,

Faisal

Hi Faisal,

Happy new year 2010!!.

I was on leave and had no time to work on this.

Thanks for your assistance. I had two warnings: one was that "The Certificate was not from a trusted authority" (resolved by your last reply) and the other says that "The Certificate does not match the site you are viewing". This is still persisting. Please let me know if you know the reason.

regards,

Stanslaus.

Stanslaus,

The second problem will come up if you're trying to access the device in question with a name that is different than what the cert says the name should be. For example, if your CAS is named cas1.abc.com and you try to access it with a URL consisting of the IP address for that CAS, you will see that message. Ensure that the CN you have for the certificate is what you're using to access the CAS and you shouldn't see that problem.

HTH,

Faisal

Thanks Faisal,

At the beginning I created certificate requests using the FQDN of the appliances as CN. Although I could access the appliances using FQDNs, for some reason CAS was redirecting using the IP address. I've recreated the certificates using IPs as CNs and now it is working fine. Thank you very much for your support.

regards,

Stanslaus.

rhobab

Hello. Could you help on how you managed to get the Microsoft CA to issue certificates for NAC. I'm having trouble installing them in NAC and am not sure that I am requesting them correctly.

Thanks

Victor

Hi Victor,

What error are you getting during the certificate import? You need to create an X509 Certification Request (for CAS and also for CAM) under the SSL certificate section. Export the request (remember to select the Private Key also during the export of the request).

Then follow the steps in the following link:

http://technet.microsoft.com/en-us/library/cc736590%28WS.10%29.aspx

After getting the certificate, follow the steps to import the certificate outlined in the NAC configuration guide.

regards,

Stanslaus.

Hello

I have managed to solve the problem. I had to convert the certificates supplied by the Microsoft CA from DER to PEM.

Victor
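
The DER-to-PEM conversion mentioned in the post above, as an added example that is not part of the original thread: it detects whether a certificate file is binary DER or Base64 PEM, rejects truncated files, and emits normalized PEM using Python's standard `ssl` module. The function names and the sample bytes are constructed for illustration.

```python
import re
import ssl

# Constructed sample: a DER SEQUENCE header (0x30, long-form length 300) plus
# 300 zero bytes. It has the outer shape of a .cer file but is not a real cert.
SAMPLE_DER = b"\x30\x82\x01\x2c" + bytes(300)

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)


def der_length_ok(data: bytes) -> bool:
    """True if data is one ASN.1 SEQUENCE whose declared length fits exactly."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                      # short form: length in one byte
        return len(data) == 2 + first
    n = first & 0x7F                      # long form: next n bytes hold length
    if n == 0 or n > 4 or len(data) < 2 + n:
        return False
    return len(data) == 2 + n + int.from_bytes(data[2:2 + n], "big")


def detect_encoding(data: bytes) -> str:
    """Classify certificate file bytes as 'pem', 'der' or 'unknown'."""
    if b"-----BEGIN CERTIFICATE-----" in data:
        return "pem"
    return "der" if der_length_ok(data) else "unknown"


def to_pem(data: bytes) -> str:
    """Return the first certificate in data as normalized PEM text."""
    kind = detect_encoding(data)
    if kind == "pem":
        match = PEM_BLOCK.search(data.decode("latin-1"))
        if match is None:
            raise ValueError("PEM header without a matching footer")
        # Decode and re-check so a damaged Base64 body is rejected too.
        data = ssl.PEM_cert_to_DER_cert(match.group(0))
        kind = "der" if der_length_ok(data) else "unknown"
    if kind != "der":
        raise ValueError("not a complete DER or PEM certificate")
    return ssl.DER_cert_to_PEM_cert(data)


if __name__ == "__main__":
    print(to_pem(SAMPLE_DER))
```

The length check only validates the outer ASN.1 envelope, so a file that passes should still be inspected with a certificate viewer before it is imported.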
