NAC 4.8 CAM and CAS Certificate Expired and CA won't renew cert with FQDN as private IP address

I installed NAC 4.8 with a CAS and CAM a few years back and the customer used GoDaddy to purchase the SSL certificates for communication between the CAM and the CAS. Recently they received this error:

“  NAC Server has an attention warning ”Current end entity certificate has expired.” CCA Server Certificate for X509 certificates.   “

The GoDaddy certificate is expired and when the customer went to GoDaddy to renew it they were told that GoDaddy no longer supports their certificates with private RFC 1913 addresses.

Does anyone know of a CA that will issue a certificate with a private IP address?

Do I need to implement a private CA and generate my own certs? The customer would rather not do this if it is not required.

Not sure if this is an option but I was thinking if I somehow used DNS to resolve the hostnames and use a FQDN in the certificate?

Just want to know what my options are so I can provide the customer with the best solution, hoping others can provide some advice and their experience?

Thanks,

Mark

1 REPLY

Hi,

I think even DigiCert has stopped this:

http://www.digicert.com/internal-names.htm

Yes, using FQDN + DNS might help.

Also, if you can set up an internal company CA, that would do the job if your customer is OK with it.

**Share your knowledge. It’s a way to achieve immortality.
--Dalai Lama**

Please Rate if helpful.
Regards
Ed

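The internal-CA option raised in the reply, sketched as an added example (not part of the original thread and not a Cisco procedure): an OpenSSL root signs a server certificate whose subjectAltName holds both an FQDN and a private IP address, then the result is verified and checked for upcoming expiry. The host name, address, organisation name, file names and lifetimes are constructed placeholders.

```shell
#!/bin/sh
# Added example. Host name, IP address, organisation and lifetimes are
# constructed placeholders, not values from the thread.
set -eu

# Create an internal root CA in $1 and issue a server certificate for
# FQDN $2 with private IP $3 in the subjectAltName.
issue_internal_cert() {
    dir=$1; fqdn=$2; ip=$3
    mkdir -p "$dir"
    # Self-signed root; in practice ca.key stays offline and access-controlled.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1825 \
        -subj "/O=Example Corp/CN=Example Internal Root CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
    # Server key and CSR.
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -subj "/O=Example Corp/CN=$fqdn" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
    # Extensions the CA applies at signing; clients match on the SAN entries.
    cat > "$dir/server.ext" <<EOF
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$fqdn, IP:$ip
EOF
    openssl x509 -req -sha256 -days 365 -in "$dir/server.csr" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/server.ext" -out "$dir/server.crt" 2>/dev/null
}

# Succeeds only if server.crt chains to ca.crt and matches both names.
verify_internal_cert() {
    openssl verify -CAfile "$1/ca.crt" -verify_hostname "$2" \
        -verify_ip "$3" "$1/server.crt" >/dev/null 2>&1
}

# Succeeds if certificate $1 expires within $2 days (for monitoring).
expires_within() {
    ! openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

demo=$(mktemp -d)
issue_internal_cert "$demo" cas1.corp.example 10.0.0.10
verify_internal_cert "$demo" cas1.corp.example 10.0.0.10 && echo "chain and SAN OK"
expires_within "$demo/server.crt" 30 || echo "more than 30 days left"
rm -rf "$demo"
```

Any peer that validates this certificate needs `ca.crt` in its trust store, and running `expires_within` on a schedule gives warning before the kind of expiry described in the question.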