Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Clean Access Agent logging in to Random CAS


We have configured NAC in L3 OOB out of band mode where enforcement is defined at Remote Router end. We have defined Discovery IP address from CAS untrusted interface (note that we have not configured Policy base Routing scenario)but most of the time user try to connect to other CAS though its not there in Discovery Host. e.g. if Discovery IP is then its logging in to . Even Cisco TAC is also not able to find the root cause. Can any pne help me out in this?



Re: Clean Access Agent logging in to Random CAS

Obtaining the Root Certificate from the CAS

Because Internet Explorer allows exporting of the CAS certificate, this section describes how to obtain the root certificate on a Windows system. Administrators can then transfer the certificate to their Mac via email as an attachment, FTP, or USB storage device.

There are three ways to retrieve the root certificate:

•Get the Root Certificate From the Mac OS X Agent Bundle

•Transfer the Root Certificate from Windows Using Internet Explorer

•Use Web Login to Get the Root Certificate

Get the Root Certificate From the Mac OS X Agent Bundle

Step 1 In the Finder, go to /Applications/

Step 2 Ctrl-click on the to display the context menu.

Step 3 Choose Show Package Contents and search for the "perfigoca.crt" certificate in the /Contents/Resources/ folder.

Step 4 Drag and drop the "perfigoca.crt" certificate to the keychain.

CreatePlease login to create content