Configuring Cisco NAS Certificates
Step 1: Generate a temporary certificate.
Step 2: Export the CSR.
Step 3: Export the private key for backup.
Step 4: Send the CSR to a CA.
Step 5: When the CA-signed certificate is received, import the CA-signed certificate.
Step 6: Test the certificate by logging into the Cisco NAS as a client.
© 2007 Cisco Systems, Inc. All rights reserved. CANAC v2.1 5-15
Follow these six steps to configure Cisco NAS certificates for a typical Cisco NAC Appliance installation:
Step 1 Generate a temporary certificate.
Step 2 Export the certificate signing request (CSR).
Step 3 Export the private key for backup.
Step 4 Send the CSR to a CA.
Step 5 When the CA-signed certificate is received from the CA, import the CA-signed certificate.
Step 6 Test the configuration by accessing the server as a client.
© 2007 Cisco Systems, Inc. Cisco NAC Appliance Monitoring and Administration 5-35
The PDF files and any printed representation for this material are the property of Cisco Systems, Inc.,
for the sole use by Cisco employees for personal study. The files or printed representations may not be
used in commercial training, and may not be distributed for purposes other than individual self-study.
Generating a Temporary Certificate
Follow these four steps to generate a temporary certificate:
Step 1 Choose Administration > Clean Access Manager and click the SSL Certificate tab.
Step 2 Choose Generate Temporary Certificate from the Choose an Action drop-down menu.
Step 3 Enter the appropriate values for the following fields:
    Full Domain Name or IP: The fully qualified domain name or IP address of the Cisco NAM that you will apply the certificate to. For example: camanager.
    Organization Unit Name: The name of the unit within the organization, if applicable
    Organization Name: The legal name of the organization
    City Name: The city in which the organization is legally located
    State Name: The full name of the state in which the organization is legally located
    2-Letter Country Code: The two-character, ISO-format country code, such as GB for Great Britain or US for the United States
Step 4 Click Generate.
Note: Typically, after generating a temporary certificate, you can generate a certificate-signing request based on the certificate.
5-36 Implementing Cisco NAC Appliance (CANAC) v2.1 © 2007 Cisco Systems, Inc.
Troubleshooting Certificate Issues
Issue | Resolution
The private key in Cisco NAM does not match the CA-signed certificate. | Import the old private key again and then install the CA-signed certificate.
The signed certificate is not trusted. | Import the single root CA or intermediate CA to .chain.crt in the admin console. Append to the end of the perfigo-ca-bundle.crt file.
Certificates are regenerated for DNS name instead of IP address. | Review the considerations before proceeding.
The certificate-related files are corrupt. | Edit the certificate files directly in the file system.
These are the issues regarding certificate management in Cisco NAC Appliance:
The private key in Cisco NAM may not match the CA-signed certificate. This issue can
arise, for example, if an administrator generates a CSR, backs up the private key, and then
sends the CSR to a CA. After the CSR has been sent, another administrator regenerates a
temporary certificate. When the CA-signed certificate is returned from the CA, the private
key on which the CA certificate is based no longer matches the one in the Cisco NAM.
To resolve this issue, import the old private key again and then install the CA-signed
certificate.
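The key mismatch described above can be detected before the import by comparing the public key in each file. This is an added example, not part of the Cisco course material: it assumes the exported private key, the CSR and the signed certificate are PEM files on a workstation with the openssl command line tool, and the file names and the nas.example.test subject are constructed for the demonstration.

```shell
# Added example (not Cisco tooling): compare the public key inside a private
# key, a CSR and a certificate before importing the CA-signed certificate.

# Print the SHA-256 digest of the public key held in FILE.
# KIND is key (private key), csr (signing request) or cert (certificate).
pubkey_digest() {
    case "$1" in
        key)  set -- pkey -in "$2" -pubout ;;
        csr)  set -- req  -in "$2" -noout -pubkey ;;
        cert) set -- x509 -in "$2" -noout -pubkey ;;
        *)    echo "unknown kind: $1" >&2; return 2 ;;
    esac
    pub=$(openssl "$@" 2>/dev/null) || { echo "unreadable: $*" >&2; return 2; }
    # Re-encode as DER so PEM formatting differences cannot affect the digest.
    printf '%s\n' "$pub" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Return 0 if every KIND:FILE argument carries the same public key,
# 1 on a mismatch, 2 if a file cannot be parsed.
same_key() {
    ref=
    for pair in "$@"; do
        digest=$(pubkey_digest "${pair%%:*}" "${pair#*:}") || return 2
        [ -n "$ref" ] || ref=$digest
        [ "$digest" = "$ref" ] || return 1
    done
    return 0
}

# Constructed scenario from the text: a CSR is made from key A (backed up),
# then a temporary certificate is regenerated, leaving key B in place.
make_scenario() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=nas.example.test" \
        -keyout "$1/backup.key" -out "$1/request.csr" 2>/dev/null
    # Stand-in for the certificate returned by the CA (same key as the CSR).
    openssl x509 -req -in "$1/request.csr" -signkey "$1/backup.key" \
        -days 1 -out "$1/signed.crt" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=nas.example.test" \
        -days 1 -keyout "$1/current.key" -out "$1/temp.crt" 2>/dev/null
}

tmp=$(mktemp -d) && make_scenario "$tmp"
for key in backup.key current.key; do
    same_key "cert:$tmp/signed.crt" "csr:$tmp/request.csr" "key:$tmp/$key" \
        && verdict=match || verdict=MISMATCH
    echo "$key vs signed.crt: $verdict"
done
rm -rf "$tmp"
```

Only the backed-up key reports a match, which is the key that has to be imported again before the signed certificate is installed.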
The signed certificate may not be trusted. If the user sees a page warning that the certificate