
NAC Certificate Expired

I saw this message in my CAM:

Warning: Current and entity certificate has expired or is due to expire in less than 30 days

I know this is due to the SSL certificate being ready to expire, but I want to know what the result is if the certificate expires after 30 days.

Would the CAS fail to operate?

Would the CAM fail to control the CAS?

3 REPLIES

Re: NAC Certificate Expired

You're using temp certs more than likely. Move to signed certs to fix this. To answer your question, yes, the CAM will not be able to control the CAS if either party has an expired cert.


Re: NAC Certificate Expired

How about the CAS? Would it immediately drop all connections?

Or could it function normally and just the CAM fail to control the CAS?


Re: NAC Certificate Expired

The CAS needs to communicate with the CAM to authenticate and posture assess unauthenticated users.

Depending on how you have fallback configured on your CAS, when it loses connection with the CAM (due to the CAM's cert expiring), it will either allow all connections, no connections, or allow already authenticated connections (http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/412/cas/s_addSrvr.html#wp1098561). By default, it will allow access only for already authenticated connections.
