Process to upgrade Certs in NAC 4.7.2 OOB VG HA environment

Unanswered Question
Mar 15th, 2012
User Badges:

I am in the process of replacing the CCA manager certificate which is about to expire. My environment is HA and as such consists of two CAM servers and two pairs of HA-CAS servers.

First - I have submitted and generated the CAM server certificate (Easy enough as the CAM SSL is accessible via the GUI.) I think, although I'm not sure that I need to generate a new cert for the CAS(S).

If I do I need to access at least one CAS in an HA pair via the GUI. Does it matter which one? When I attempt to GUI to the "secondary" CAS in a pair I am of course being treated like a device that need to be "NAC'd".

To access the CAS I think I need to stop perfigo services which should drop me out of the HA pair. True?

Will I need to take each server out of "service" to update the cert.

If there is a document sequence of events I would love to see it.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion