Cisco Cisco NAC Appliance 4.9.4 Technical Manual
Importing SSL Certificates to NAC Profiler
Document ID: 107726
Contents
Introduction
Prerequisites
Requirements
Components Used
Conventions
Main Task: Install the Certificate
Two Options
Option 1: Use OpenSSL Toolkit on Beacon/NPS to Generate Sign
Option 2: Generate/Submit CSR to Internal/External CA
Verify
Troubleshoot
Related Information
Prerequisites
Requirements
Components Used
Conventions
Main Task: Install the Certificate
Two Options
Option 1: Use OpenSSL Toolkit on Beacon/NPS to Generate Sign
Option 2: Generate/Submit CSR to Internal/External CA
Verify
Troubleshoot
Related Information
Introduction
The Profiler system web−based UI can use digital certificates so that the authenticity of the embedded web
server on the Cisco NAC Profiler Server can be verified by the browser as it connects for access to the Profiler
user interface served by HTTPS. The system leverages one of the most common applications of PKI and
digital certificates where the web browser validates that an SSL web server is authentic so that the user feels
secure that their interaction with the web server is, in fact, trusted and their communications with it secure.
This is the same mechanism that is used today to secure e−commerce and other secure communications with
web sites of many types that use SSL.
server on the Cisco NAC Profiler Server can be verified by the browser as it connects for access to the Profiler
user interface served by HTTPS. The system leverages one of the most common applications of PKI and
digital certificates where the web browser validates that an SSL web server is authentic so that the user feels
secure that their interaction with the web server is, in fact, trusted and their communications with it secure.
This is the same mechanism that is used today to secure e−commerce and other secure communications with
web sites of many types that use SSL.
The Profiler system ships with a "self−signed" digital certificate that allows access to the UI but without
verification of the onboard SSL web server as trusted. Until the default certificate is replaced with one created
with environment−specific attributes, such as the server name, and is signed by a Certificate Authority (CA),
web browsers that access the Profiler UI display a warning similar to this example, which indicate that the
browser does not recognize the CA that issued the certificate and is unable verify it as a trusted site.
verification of the onboard SSL web server as trusted. Until the default certificate is replaced with one created
with environment−specific attributes, such as the server name, and is signed by a Certificate Authority (CA),
web browsers that access the Profiler UI display a warning similar to this example, which indicate that the
browser does not recognize the CA that issued the certificate and is unable verify it as a trusted site.
Prerequisites