Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAC agent is giving pop up on client side. i have chain.pem in hand ? what to do ?

i have asked my client to push chain.pem file to all the active directory users but he is saying it is not working, Attached is the screenshot of the popup he is getting ????

I have asked him to try chain.pem export from GUI from NAS/CAS machine....

and if dont work i asked him to try chain.pem export from GUI from NAM/CAM machine.....

? what mistakes or things he should take care in the GPO of ACTIVE DIRECTORY ??? any guidance please......

1 ACCEPTED SOLUTION

Accepted Solutions

Re: NAC agent is giving pop up on client side. i have chain.pem

Kamran,

You just need to install the root certificate of the CA which signed the CASs certificate. If the CAS certificate is self-signed, you just need the CAS certificate and have that installed in the root stores of the client machines.

Please verify with your client what is he pushing out to his machines, and how. Check on an affected machine to see if they have the root cert in their store or not.

HTH,

Faisal

3 REPLIES

Re: NAC agent is giving pop up on client side. i have chain.pem

Hi,

What is this chain.pem? Is it the root certificate which has signed the CAS certificate, or is it the CAS certificate itself?

Faisal

New Member

Re: NAC agent is giving pop up on client side. i have chain.pem

Well, here is the thing :

1. I last time did whole procedure with your last posting on another discussion bullet , and openssl worked well enough !

2. Now from GUI i can see that i can export the chain.pem file both from NAS and NAM......right !!!

3. All is working fine but customer complained that he is getting pop up messages on client side. I suggested him to export the certificate from NAS and import in AD 2008 in and push thru GPO to clients..... ( i am not sure he did this or not ) , but later he said it didnt work....

4. Then I asked him to try it out with NAM certificate export and test it. he said it didnt work and clients still get the message pop up.

The fact is when we export from GUI the file name is the same chain.pem from both the boxes......  so is there any tip or clue as to how to see this and rectify the issue for the clients....

???

Kamran...

Re: NAC agent is giving pop up on client side. i have chain.pem

Kamran,

You just need to install the root certificate of the CA which signed the CASs certificate. If the CAS certificate is self-signed, you just need the CAS certificate and have that installed in the root stores of the client machines.

Please verify with your client what is he pushing out to his machines, and how. Check on an affected machine to see if they have the root cert in their store or not.

HTH,

Faisal

294
Views
0
Helpful
3
Replies