Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Process to upgrade Certs in NAC 4.7.2 OOB VG HA environment

I am in the process of replacing the CCA manager certificate which is about to expire. My environment is HA and as such consists of two CAM servers and two pairs of HA-CAS servers.

First - I have submitted and generated the CAM server certificate (Easy enough as the CAM SSL is accessible via the GUI.) I think, although I'm not sure that I need to generate a new cert for the CAS(S).

If I do I need to access at least one CAS in an HA pair via the GUI. Does it matter which one? When I attempt to GUI to the "secondary" CAS in a pair I am of course being treated like a device that need to be "NAC'd".

To access the CAS I think I need to stop perfigo services which should drop me out of the HA pair. True?

Will I need to take each server out of "service" to update the cert.

If there is a document sequence of events I would love to see it.



Everyone's tags (4)
CreatePlease login to create content