NAC Microsoft CA Certificate

Unanswered Question
Feb 22nd, 2010

I'm having trouble with certificates for my NAC environment. I have generated the CSR with the private key. I have then requested a certificate from a Windows 2003 Server CA Authority. I'm not sure which item to use, so I have tried with Administrator, Web Server and User. I download the certificate from the CA and try uploading to the CAM and always keep getting "Must include end entity". I'm not sure if I'm doing the whole process correctly, seeing as there is not much information on using a Microsoft CA. Has anyone done this and can give me some help?



Faisal Sehbai Mon, 02/22/2010 - 08:50


You need the web server certificate for your CAM. Make sure you save the private key somewhere safe also. Once you get the cert from the MS CA, open the cert and the private key in notepad and combine them in one file. Upload that file to the CAM under the X509 tab under SSL. Now this would work under the assumption that you're working with the latest CCA. If it's something different, please post that.



rhobab Mon, 02/22/2010 - 09:11

Hello Faisal

Here is what I did. I went to CAM and generated a CSR and exported the CSR with the private key. Also I exported only the private key for safe keeping.

Then I went to the Microsoft CA web page, submitted my request as a Web Server, and downloaded the certificate provided (certnew.cer). I opened this with notepad and the private key as well, and copied and pasted the private key into the certnew.cer and saved it as a new file, cert.txt. I then tried to import the cert.txt file via the X509 Certificate page. Still I get the message "Must include end entity certificate".

Somewhere along the line I'm missing a step, I just don't know what.

All help appreciated


Faisal Sehbai Mon, 02/22/2010 - 10:42


Can you post your certificate and key for review? If posting to a public forum is not possible, can you please send it to my email? Also, you haven't verified what version of CCA you are on.



fasehbai @

rhobab Mon, 02/22/2010 - 10:50

Hello Faisal

I've managed to install the certificates. I'm using version 4.7.1. What is necessary is to convert the DER format to PEM format and everything works fine.

Thanks for the help though
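
Added example (not part of the original thread, and not Cisco or Microsoft code): a Python sketch of the DER-to-PEM step described above, which also rejects a combined file that contains no PEM `CERTIFICATE` block, as happens when a text key is pasted into a binary DER file. The function names and sample inputs are constructed for illustration; the sample "certificate" is only a DER-shaped byte string and the key block is a placeholder.

```python
import base64
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s+(.*?)\s+-----END \1-----", re.S)

# Constructed sample inputs: a DER-shaped SEQUENCE (not a real certificate)
# and a placeholder key block (not a real key).
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(256)
SAMPLE_KEY_PEM = ("-----BEGIN RSA PRIVATE KEY-----\n"
                  "Y29uc3RydWN0ZWQgcGxhY2Vob2xkZXI=\n"
                  "-----END RSA PRIVATE KEY-----\n")

def is_single_der_sequence(data: bytes) -> bool:
    """True if data is exactly one DER SEQUENCE whose length field matches."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                       # short-form length
        header, length = 2, first
    else:                                  # long-form length, n length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return header + length == len(data)

def classify(data: bytes) -> str:
    if b"-----BEGIN " in data:
        return "pem"
    return "der" if is_single_der_sequence(data) else "unknown"

def der_to_pem(der: bytes, label: str = "CERTIFICATE") -> str:
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def build_bundle(cert_bytes: bytes, key_pem: str) -> str:
    """Return certificate + key as one PEM text file, converting DER if needed."""
    kind = classify(cert_bytes)
    if kind == "unknown":
        raise ValueError("certificate is neither PEM nor DER")
    cert_pem = der_to_pem(cert_bytes) if kind == "der" else cert_bytes.decode("latin-1")
    bundle = cert_pem.rstrip() + "\n" + key_pem.strip() + "\n"
    labels = [m.group(1) for m in PEM_BLOCK.finditer(bundle)]
    if "CERTIFICATE" not in labels:
        raise ValueError("bundle has no CERTIFICATE block")
    if not any(name.endswith("PRIVATE KEY") for name in labels):
        raise ValueError("bundle has no private key block")
    return bundle
```
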


omprakash singh Tue, 06/17/2014 - 01:26

I am having trouble while importing an SSL certificate that we have purchased from GeoTrust. However, if we generate a self-signed certificate, it works perfectly fine for 3 months. The problem is that every 3 months we have to regenerate the certificate. To overcome this we have purchased an SSL certificate. Any help or suggestion is appreciated.

I am attaching the error snapshots for reference: "must include end entity certificate"




