Re: SSL cert issue

[Rob Chee]

You've got two problems. 1.  Wildcard SSL certificates are not support for NAC Appliance.  See the reference below along with the associated text. http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/416/CAS/s_admin.html#wp1074628 Cisco NAC Appliance does not support "wildcard" certificates. 2.  When adding the certificate chain, you have to put the intermediate certificate and root certificate in the same file and the import that file into the NAC Appliance.  See the reference below http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/416/CAS/s_admin.html#wp1074671 ------------------------------------------------------ Rob Chee, CCIE #8188 (R&S and Security) Senior Network Consultant Chesapeake NetCraftsmen, LLC. Company Website: http://www.netcraftsmen.net My Blog: http://cnc-networksecurity.blogspot.com Mobile: 571-437-2829 ------------------------------------------------------ bouchaiba wrote: Hi, We just purchased new cert from DigiCert, it's one of those wild card so I exported the csr from clean access server, went to their site generate the request for cert for clean access server.I got an email from them that has 3 attached file one is called DigicertCA.crt , the second one is called Trusted root.crt and the third one is called star_emmanuel.edu.crt , Now when I uploaded star_emmanuel.edu.crt to the clean access server and try to verify and install I keep getting this error: unable to establish certificate chains.Please upload the correct root/intermediate CA I have tried each file that I got from them and I still keep getting the same error? Do I have to combine like two of them in one file or something like this? Please help.