You cannot use a CA-signed certificate that you bought for the Clean Access Manager on the Clean
Access Server. You must buy a separate certificate for each Clean Access Server.

Web Console Pages for SSL Certificate Management

The actual CAM SSL certificate files are kept on the CAM machine, and the CAS SSL certificate files
are kept on the CAS machine. After installation, the CAM and CAS certificates can be managed from
the following web console pages (respectively):

Clean Access Manager Certificates:

•

Administration > CCA Manager > SSL Certificate

Clean Access Server Certificates:

•

CAS management pages: Device Management > CCA Servers > Manage [CAS_IP] > Network
> Certs, or

•

CAS direct access console: Administration > SSL Certificate

Note

You can use the CAS direct access console interface if the CAS management pages become
unavailable. See

Clean Access Server Direct Access Web Console, page 12-2

for further details.

The CAS management pages and CAS direct access console provide the same controls and allow you to
perform the following SSL certificate-related operations:

•

Generate a temporary certificate (and corresponding private key).

•

Generate a PEM-encoded PKCS #10 Certificate Signing Request (CSR) based on the current
temporary certificate.

•

Import and export the private key. The Export Key feature is used to save a backup copy of the
Private Key on which the CSR is based. When a CA-signed certificate is returned from the
Certificate Authority and imported into the CAS, this Private Key must be used with it.

Note

For High Availability CAS pairs, any CAS network setting changes performed on an HA-Primary CAS
through the CAS management pages or CAS direct access web console must also be repeated on the
standby CAS unit through its direct access web console. These settings include updating the SSL
certificate, system time/time zone, DNS, or Service IP. See

Clean Access Server Direct Access Web

Console, page 12-2

and

Modifying High Availability Settings, page 13-23

for details.