Cisco Cisco NAC Appliance 4.1.0
![Cisco](https://files.manualsbrain.com/attachments/7380d0050044647c30f5c24bbbf5d0c0b6d9bb84/common/fit/150/50/faa183d287233c52228cfea3dbc2a127fe780f60564fcb0955d9c3d1cd23/brand_logo.png)
12-4
Cisco NAC Appliance - Clean Access Server Installation and Administration Guide
OL-12213-01
Chapter 12 Administer the Clean Access Server
Manage CAS SSL Certificates
•
•
•
•
•
•
Note
You cannot use a CA-signed certificate that you bought for the Clean Access Manager on the Clean
Access Server. You must buy a separate certificate for each Clean Access Server.
Access Server. You must buy a separate certificate for each Clean Access Server.
Web Console Pages for SSL Certificate Management
The actual CAM SSL certificate files are kept on the CAM machine, and the CAS SSL certificate files
are kept on the CAS machine. After installation, the CAM and CAS certificates can be managed from
the following web console pages (respectively):
are kept on the CAS machine. After installation, the CAM and CAS certificates can be managed from
the following web console pages (respectively):
Clean Access Manager Certificates:
•
Administration > CCA Manager > SSL Certificate
Clean Access Server Certificates:
•
CAS management pages: Device Management > CCA Servers > Manage [CAS_IP] > Network
> Certs, or
> Certs, or
•
CAS direct access console: Administration > SSL Certificate
Note
You can use the CAS direct access console interface if the CAS management pages become
unavailable. See
unavailable. See
for further details.
The CAS management pages and CAS direct access console provide the same controls and allow you to
perform the following SSL certificate-related operations:
perform the following SSL certificate-related operations:
•
Generate a temporary certificate (and corresponding private key).
•
Generate a PEM-encoded PKCS #10 Certificate Signing Request (CSR) based on the current
temporary certificate.
temporary certificate.
•
Import and export the private key. The Export Key feature is used to save a backup copy of the
Private Key on which the CSR is based. When a CA-signed certificate is returned from the
Certificate Authority and imported into the CAS, this Private Key must be used with it.
Private Key on which the CSR is based. When a CA-signed certificate is returned from the
Certificate Authority and imported into the CAS, this Private Key must be used with it.
Note
For High Availability CAS pairs, any CAS network setting changes performed on an HA-Primary CAS
through the CAS management pages or CAS direct access web console must also be repeated on the
standby CAS unit through its direct access web console. These settings include updating the SSL
certificate, system time/time zone, DNS, or Service IP. See
through the CAS management pages or CAS direct access web console must also be repeated on the
standby CAS unit through its direct access web console. These settings include updating the SSL
certificate, system time/time zone, DNS, or Service IP. See
and
for details.