NAC Microsoft CA Certificate

Unanswered Question
Feb 22nd, 2010
User Badges:

I'm having trouble with certificates for my NAC environment. I have generated the CSR with the private key. I have then requested certificate from a Windows 2003 Server CA Authority. I'm not sure which item to use so I have tried with Administrator, Web Server and User. I download the certificate from the CA and try uploading to the CAM and always keep getting "Must include end entity". I'm not sure if I'm doing the whole process correctly seeing as there is not much information to using a Microsoft CA. Has any one done this and can give me a help.


Thanks


Victor

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Faisal Sehbai Mon, 02/22/2010 - 08:50
User Badges:
  • Gold, 750 points or more

Victor,


You need the web server certificate for your CAM. Make sure you save the private key somewhere safe also. Once you get the cert from the MS CA, open the cert and the private key in notepad and combine them in one file. Upload that file to the CAM under the X509 tab under SSL. Now this would work under the assumption that you're working with the latest CCA. If it's something different, please post that.


HTH,

Faisal

rhobab Mon, 02/22/2010 - 09:11
User Badges:

Hello Faisal


Here is what I did. I went to CAM and generated a CSR and exported the CSR with the private key. Also I exported only the private key for safe keeping.

Then I went to the Microsoft CA web page and submitted my request as a Web Server. And download the certificate provided (certnew.cer) I opened this with notepad and the private key as well and copied and pasted the private key into the certnew.cer and saved it as a new file cert.txt. I then tried to import the cert-txt file via the X509 Certificate page. Still I get the message "Must include end entity certificate".


Somewhere along the line I'm missing a step, I just don't know what.


All help appreciated


Victor

Faisal Sehbai Mon, 02/22/2010 - 10:42
User Badges:
  • Gold, 750 points or more

Victor,


Can you post your certificate and key for review. If posting to a public forum is not possible, can you please send it to my email? Also you haven't verified what version of CCA are you on?


Thanks,

Faisal

fasehbai @ cisco.com

rhobab Mon, 02/22/2010 - 10:50
User Badges:

Hello Faisal


I've managed to install the certificates. I'm using version 4.7.1. What is necessary is to convert the DER format to PEM format and everything works fine.


Thanks for the help though


Victor

omprakash singh Tue, 06/17/2014 - 01:26
User Badges:

I am having trouble while importing SSL certificate that we have purchased from geo trust, However if we genrate self signed certificate it works perfectly fine for 3 month. Problm is every 3 month we have to regenrate the certificate. TO overcome this we have purchased SSL certificate. Any help suggetsion is appreciated.

I am attching the error snapshots for refrence " must include end entity certificate"

 

 

Attachment: 

Actions

This Discussion