NAC SSL certifitcate - Internal CA vs. 3rd Party Cert

Unanswered Question
Dec 29th, 2009
User Badges:

What, if any, drawbacks are there to using Internal CA generated certs (ex. Microsoft CA Server) vs. 3rd Party Certs?

Besides the obvious drawback that you have to add the internal CA server to all the NAC devices and I'm guessing clients running the NAC Agent must also trust the internal CA server as well....

Are there any limitations on what can be done with clients that are not necessarily running the NAC Agent software with using an Internal CA?

Any other limitiations?

What is the recommended cert implementation?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Faisal Sehbai Tue, 12/29/2009 - 11:58
User Badges:
  • Gold, 750 points or more


No differerence, except that using a third party cert simplifies the process in that majority of the clients already trust the root certs of the well known CAs. Other than that if you have a way of distributing your internal CA's root cert to your clients, it should work just fine with internal certs.




This Discussion