NAC Certificate Expired

May 24th, 2010

I saw this message in my CAM:

Warning: Current and entity certificate has expired or is due to expire in less than 30 days

I know this is due to the SSL certificate being ready to expire, but I want to know what the result is if the certificate expires after 30 days.

Would the CAS fail to operate?

Would the CAM fail to control the CAS?

Faisal Sehbai Mon, 05/24/2010 - 14:46

You're using temp certs more than likely. Move to signed certs to fix this. To answer your question, yes, the CAM will not be able to control the CAS if either party has an expired cert.


szekahungdanny Tue, 05/25/2010 - 09:21

How about the CAS? Would it immediately drop all connections?

Or could it function normally and just the CAM fail to control the CAS?

Lauren Sullivan Tue, 05/25/2010 - 14:10

The CAS needs to communicate with the CAM to authenticate and posture assess unauthenticated users.

Depending on how you have fallback configured on your CAS, when it loses connection with the CAM (due to the CAM's cert expiring), it will either allow all connections, no connections, or allow already authenticated connections (http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/412/cas/s_addSrvr.html#wp1098561).  By default, it will allow access only for already authenticated connections.
