Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAC 4.1.3

Hello Friends,

I have setup a New NAC 4.1.3. when users login they get the popup of certificate to press the YES button, i have generated the certificate in manager and server as per the user guide,

where i m missing something???? i think something in the certificate. The Certificate that i generated will be valid till when??

Thanks,

3 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

Re: NAC 4.1.3

Hi Estela,

4.1.3 uses perfigo signed certs and it is a matter of importing the perfigo root certs to your PC's to get rid of that popup error. You may need to figure out ways such as window GPO's to automate this job. But given the fact that perfigo CA is a non standard CA, it is recommended to purchase a cert from 3rd party CA's such as verisign, godaddy etc and install them on the CAS. Most/ All PC' will have this CA cert installed by default and they wont see this popup error also.

Thanks,

Mani

New Member

Re: NAC 4.1.3

Hello Tiago,

Which is the place that i have to manually install the cert file in client PC is it the right place below i m heading to.

Internet Explorer>Tools>Content>Certificate>Import

I have exported a certificate from CAS  trusted Certificate Authorities TAB.

Thanks.

Cisco Employee

Re: NAC 4.1.3

Yep, that is one way of doing it.

Make sure you import it under the trusted root certification authorities.

HTH,
Tiago

--

If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

6 REPLIES
Cisco Employee

Re: NAC 4.1.3

Hi Estela,

4.1.3 uses perfigo signed certs and it is a matter of importing the perfigo root certs to your PC's to get rid of that popup error. You may need to figure out ways such as window GPO's to automate this job. But given the fact that perfigo CA is a non standard CA, it is recommended to purchase a cert from 3rd party CA's such as verisign, godaddy etc and install them on the CAS. Most/ All PC' will have this CA cert installed by default and they wont see this popup error also.

Thanks,

Mani

New Member

Re: NAC 4.1.3

Hello Friends,

The cacerts.cer file which is located in Trusted Certificate Authorities that has to be distributed through GP, I just want to do for 1 user PC than i will do with the rest where i have to put these cacerts.cer manually in end user PC??????

Thanks,

Cisco Employee

Re: NAC 4.1.3

Hi,

You have to put the CA cert (or the CAS and CAM cert if using the SSC) under the trusted certification authorities of the client PC, so that the client trusts the perfigo certs.

HTH,
Tiago

--

If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

New Member

Re: NAC 4.1.3

Hello Tiago,

Which is the place that i have to manually install the cert file in client PC is it the right place below i m heading to.

Internet Explorer>Tools>Content>Certificate>Import

I have exported a certificate from CAS  trusted Certificate Authorities TAB.

Thanks.

Cisco Employee

Re: NAC 4.1.3

Yep, that is one way of doing it.

Make sure you import it under the trusted root certification authorities.

HTH,
Tiago

--

If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

New Member

Re: NAC 4.1.3

Thanks Tiago,

Many thanks for clearing doub'ts.

The Ratings are not reflecting by a (TICK) on thread.

Thanks

272
Views
24
Helpful
6
Replies