Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2855
Views
0
Helpful
5
Replies

NAC Microsoft CA Certificate

rhobab
Level 1
Level 1

‎02-22-2010 08:37 AM - edited ‎02-21-2020 03:53 AM

I'm having trouble with certificates for my NAC environment. I have generated the CSR with the private key. I have then requested certificate from a Windows 2003 Server CA Authority. I'm not sure which item to use so I have tried with Administrator, Web Server and User. I download the certificate from the CA and try uploading to the CAM and always keep getting "Must include end entity". I'm not sure if I'm doing the whole process correctly seeing as there is not much information to using a Microsoft CA. Has any one done this and can give me a help.

Thanks

Victor

0 Helpful
5 Replies 5

Faisal Sehbai
Level 7
Level 7

‎02-22-2010 08:50 AM

Victor,

You need the web server certificate for your CAM. Make sure you save the private key somewhere safe also. Once you get the cert from the MS CA, open the cert and the private key in notepad and combine them in one file. Upload that file to the CAM under the X509 tab under SSL. Now this would work under the assumption that you're working with the latest CCA. If it's something different, please post that.

HTH,

Faisal

0 Helpful

rhobab
Level 1
Level 1
In response to Faisal Sehbai

‎02-22-2010 09:11 AM

Hello Faisal

Here is what I did. I went to CAM and generated a CSR and exported the CSR with the private key. Also I exported only the private key for safe keeping.

Then I went to the Microsoft CA web page and submitted my request as a Web Server. And download the certificate provided (certnew.cer) I opened this with notepad and the private key as well and copied and pasted the private key into the certnew.cer and saved it as a new file cert.txt. I then tried to import the cert-txt file via the X509 Certificate page. Still I get the message "Must include end entity certificate".

Somewhere along the line I'm missing a step, I just don't know what.

All help appreciated

Victor

0 Helpful

Faisal Sehbai
Level 7
Level 7
In response to rhobab

‎02-22-2010 10:42 AM

Victor,

Can you post your certificate and key for review. If posting to a public forum is not possible, can you please send it to my email? Also you haven't verified what version of CCA are you on?

Thanks,

Faisal

fasehbai @ cisco.com

0 Helpful

rhobab
Level 1
Level 1
In response to Faisal Sehbai

‎02-22-2010 10:50 AM

Hello Faisal

I've managed to install the certificates. I'm using version 4.7.1. What is necessary is to convert the DER format to PEM format and everything works fine.

Thanks for the help though

Victor

0 Helpful

omprakash singh
Level 1
Level 1

‎06-17-2014 01:26 AM

I am having trouble while importing SSL certificate that we have purchased from geo trust, However if we genrate self signed certificate it works perfectly fine for 3 month. Problm is every 3 month we have to regenrate the certificate. TO overcome this we have purchased SSL certificate. Any help suggetsion is appreciated.

I am attching the error snapshots for refrence " must include end entity certificate"

 

 

Preview file
47 KB
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card