Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
590
Views
0
Helpful
3
Replies

NAC agent is giving pop up on client side. i have chain.pem in hand ? what to do ?

Go to solution
game123
Level 1
Level 1

‎07-25-2010 01:18 AM - edited ‎02-21-2020 04:02 AM

i have asked my client to push chain.pem file to all the active directory users but he is saying it is not working, Attached is the screenshot of the popup he is getting ????

I have asked him to try chain.pem export from GUI from NAS/CAS machine....

and if dont work i asked him to try chain.pem export from GUI from NAM/CAM machine.....

? what mistakes or things he should take care in the GPO of ACTIVE DIRECTORY ??? any guidance please......

Preview file
55 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Faisal Sehbai
Level 7
Level 7
In response to game123

‎07-26-2010 07:48 AM

Kamran,

You just need to install the root certificate of the CA which signed the CASs certificate. If the CAS certificate is self-signed, you just need the CAS certificate and have that installed in the root stores of the client machines.

Please verify with your client what is he pushing out to his machines, and how. Check on an affected machine to see if they have the root cert in their store or not.

HTH,

Faisal

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Faisal Sehbai
Level 7
Level 7

‎07-25-2010 10:44 PM

Hi,

What is this chain.pem? Is it the root certificate which has signed the CAS certificate, or is it the CAS certificate itself?

Faisal

0 Helpful

Go to solution
game123
Level 1
Level 1
In response to Faisal Sehbai

‎07-26-2010 12:09 AM

Well, here is the thing :

1. I last time did whole procedure with your last posting on another discussion bullet , and openssl worked well enough !

2. Now from GUI i can see that i can export the chain.pem file both from NAS and NAM......right !!!

3. All is working fine but customer complained that he is getting pop up messages on client side. I suggested him to export the certificate from NAS and import in AD 2008 in and push thru GPO to clients..... ( i am not sure he did this or not ) , but later he said it didnt work....

4. Then I asked him to try it out with NAM certificate export and test it. he said it didnt work and clients still get the message pop up.

The fact is when we export from GUI the file name is the same chain.pem from both the boxes......  so is there any tip or clue as to how to see this and rectify the issue for the clients....

???

Kamran...

0 Helpful

Go to solution
Faisal Sehbai
Level 7
Level 7
In response to game123

‎07-26-2010 07:48 AM

Kamran,

You just need to install the root certificate of the CA which signed the CASs certificate. If the CAS certificate is self-signed, you just need the CAS certificate and have that installed in the root stores of the client machines.

Please verify with your client what is he pushing out to his machines, and how. Check on an affected machine to see if they have the root cert in their store or not.

HTH,

Faisal

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card