
NAC Guest Server - Adding Digital Certificate

Hi

I have a NAC Guest Server 2.0.1 and I don't want the clients to get a warning message when they connect to the site, so I obtained a cert file from the customer's internal CA.

The signed cert is in .pem format. The customer's security dudes were expecting me to have to enter a password when I applied the cert, however there is no option to do this when you upload the pem file via the GUI.

I got an error saying something like "the certificate does not match the private key", so I rebooted the server and voilà, the SSL service is broken. I had to restore the original self-signed cert from a backup to get SSL connections to the server working again.

So this is annoying me, how or where do I enter a password to get the CA signed certificate working?

http://www.cisco.com/en/US/products/ps6305/products_configuration_example09186a00809d50f4.shtml

This URL describes a process of combining the signed certificate from the CA with the private key to create the final cert using a password via the CLI.

Is this process applicable to the NAC Guest Server? Seems to me like there is something missing from the doco to get this working...

3 REPLIES

Re: NAC Guest Server - Adding Digital Certificate

Did you ever figure this out?  I'm in the same boat, just uploaded a signed cert and broke SSL.  I have a TAC case opened but anything you found would be helpful.  Thanks.


Re: NAC Guest Server - Adding Digital Certificate

No sorry, never got it to work and gave up on it.

When I rebooted the NGS that time and broke SSL I had the box set to accept SSL connections only, so I couldn't even browse back into it.

However, there is a backup of the self-signed cert on the box itself in a different directory; you can get at it via ssh. I logged in via ssh, found the backup cert, copied it over the cert I uploaded and rebooted. Then I could browse into it again.

Lesson learnt - make sure you have HTTP enabled before you reboot the box with a new SSL cert. Save you a bit of grief.


Re: NAC Guest Server - Adding Digital Certificate

I have the same issue. Can you please tell me where on the NAC Guest Server appliance the current imported and original self-signed certificates are stored please? Save me lots of time with find and grep :-)
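
The "certificate does not match the private key" error described in this thread can be checked for on a workstation before anything is uploaded. The following is an added example, not part of the original posts or of Cisco's documentation: it compares the public key inside a PEM certificate with the public half of a PEM private key using the openssl command line. The function names, file names and the CN are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: confirm a PEM certificate and a PEM private key are a pair
# before installing them. All names below are constructed for the demo.

# Print the public key embedded in a certificate.
pubkey_of_cert() {
    openssl x509 -in "$1" -noout -pubkey 2>/dev/null
}

# Print the public half of a private key. $2 is an optional openssl
# pass-phrase source (e.g. "file:/path" or "env:VAR") for an encrypted key.
pubkey_of_key() {
    if [ -n "$2" ]; then
        openssl pkey -in "$1" -passin "$2" -pubout 2>/dev/null
    else
        openssl pkey -in "$1" -pubout 2>/dev/null
    fi
}

# Returns 0 on match, 1 on mismatch, 2 if either file could not be read
# (missing file, not PEM, wrong or missing pass phrase).
cert_matches_key() {
    c=$(pubkey_of_cert "$1") || return 2
    k=$(pubkey_of_key "$2" "$3") || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed sample material: two RSA keys, one self-signed cert for key a.
    openssl genrsa -out "$d/a.key" 2048 2>/dev/null
    openssl genrsa -out "$d/b.key" 2048 2>/dev/null
    openssl req -new -x509 -key "$d/a.key" -subj "/CN=guest.example.test" \
        -days 1 -out "$d/a.crt" 2>/dev/null
    cert_matches_key "$d/a.crt" "$d/a.key" && echo "a.crt + a.key: match"
    cert_matches_key "$d/a.crt" "$d/b.key" || echo "a.crt + b.key: MISMATCH, do not install"
    rm -rf "$d"
}
demo
```

A mismatch here means the certificate was issued for a different key pair than the one being checked, which is the condition the error message in the first post names.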
