05-24-2010 09:24 AM - edited 02-21-2020 03:58 AM
I saw this message in my CAM:
Warning: Current and entity certificate has expired or is due to expire in less than 30 days
I know this is due to the SSL certificate being ready to expire, but I want to know what the result is if the certificate expired after 30 days.
Would the CAS fail to operate?
Would the CAM fail to control the CAS?
05-24-2010 02:46 PM
You're using temp certs more than likely. Move to signed certs to fix this. To answer your question, yes, the CAM will not be able to control the CAS if either party has an expired cert.
05-25-2010 09:21 AM
How about the CAS? Would it immediately drop all connections?
Or could it function normally and just the CAM fails to control the CAS?
05-25-2010 02:10 PM
The CAS needs to communicate with the CAM to authenticate and posture assess unauthenticated users.
Depending on how you have fallback configured on your CAS, when it loses connection with the CAM (due to the CAM's cert expiring), it will either allow all connections, no connections, or allow already authenticated connections (http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/412/cas/s_addSrvr.html#wp1098561). By default, it will allow access only for already authenticated connections.