Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
385
Views
0
Helpful
1
Replies

NAC 4.8 CAM and CAS Certificate Expired and CA wont renew cert with FQDN as private ip address

mrieber171
Level 1
Level 1

‎01-08-2014 10:04 PM - edited ‎03-10-2019 09:15 PM

     I installed NAC 4.8 with a CAS and CAM a few years back and the customer used godaddy to purchase the SSL Certificates for communication between the CAM and the CAS, recently they recieved this error:

“  NAC Server has an attention warning ”Current end entity certificate has expired.” CCA Server Certificate for X509 certificates.   “

The godaddy certificate is expired and when the customer went to godaddy to renew it they were told that godaddy no longer supports thier certificates with private RFC 1913 addresses.

Does anyone know of a CA that will issue a certificate with a private ip address?

Do I need to implement a private CA and generate my own Certs, the customer would rather not do this if it is not required?

Not sure if this is an option but I was thinking if I somehow used DNS to resolve the hostnames and use a FQDN in the certificate?

Just want to know what my options are so I can provide the customer with the best solution, hoping others can provide some advice and their experience?

Thanks,

Mark

Labels:
0 Helpful
1 Reply 1

edwjames
Level 3
Level 3

‎01-09-2014 05:12 AM

Hi,

I think even digicert has stopped this:

http://www.digicert.com/internal-names.htm

yes, using FQDN + DNS might help.

Also, if you can setup an internal company CA, that would do the job if your customer is ok with it.

**Share your knowledge. It’s a way to achieve immortality.
--Dalai Lama**

Please Rate if helpful.
Regards
Ed

**Share your knowledge. It’s a way to achieve immortality. --Dalai Lama** Please Rate if helpful. Regards Ed
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents