Rand, I think the problem is this. Anyone can request a CCA Demo license & get the code.
Those having the code can generate any ssl certificate they wish signed by perfigo.com. Anyone trusting certificates signed by perfigo.com will also trust those potentially malicious certificates. That is why the 4.1.6 documentation recommends real certs any removing the perfigo.com trust from all clients. The docs indicate a need for trusted certs on the CASs, but I believe the CASs & CAM certs need / should by from the came CA. At least, that's my interpretation. Regards, Bruce Osborne Liberty University -----Original Message----- From: Cisco Clean Access Users and Administrators [mailto:[EMAIL PROTECTED] On Behalf Of Hall, Rand Sent: Thursday, August 07, 2008 7:50 AM To: [email protected] Subject: Re: [CLEANACCESS] 4.1.6 Software Posted So, what are the ramifications for leaving the Perfigo certificate in place? I have a "real" certificate installed on the CAS but not on the CAM. I'm scheduled to update tomorrow morning but am not looking forward to being dead in the water if the certificate is a deal-killer. Cheers, Rand -- Rand P. Hall * Director, Network Services Merrimack College * SunGard Higher Education 315 Turnpike Street, North Andover MA 01845 * Tel 978-837-5000 Fax 978-837-5383 * [EMAIL PROTECTED] * www.sungardhe.com CONFIDENTIALITY: This e-mail (including any attachments) may contain confidential, proprietary and privileged information, and unauthorized disclosure or use is prohibited. If you received this e-mail in error, please notify the sender and delete this e-mail from your system. -----Original Message----- From: Cisco Clean Access Users and Administrators [mailto:[EMAIL PROTECTED] On Behalf Of Muhammad Ismail Sent: Wednesday, August 06, 2008 3:53 PM To: [email protected] Subject: Re: 4.1.6 Software Posted We have installed the version 4.1.6 on a test environment. Does not look too different from version 4.1.3.1. However, one thing you would notice right away is a message with red text asking you make sure you have certificates for CAM and CAS. See the message in screen shot. Muhammad/. Muhammad I. Ismail Network Security Specialist Western CT State University (203) 837-8991 (O) [EMAIL PROTECTED] -----Original Message----- From: Cisco Clean Access Users and Administrators [mailto:[EMAIL PROTECTED] On Behalf Of Eric Kenny Sent: Wednesday, August 06, 2008 11:40 AM To: [email protected] Subject: Re: 4.1.6 Software Posted Yes. Eric J. Kenny Network Analyst Marist College 3399 North Rd. Poughkeepsie, NY 12601 845.575.3820 On Aug 6, 2008, at 10:35 AM, Walt Howd wrote: > Has the 4.1.6 agent been released for 4.1.3 installations? We have > auto update of the agent disabled. > > Walt
