Wondering if anyone had experienced this issue after a server certificate renewal (version 4.8/latest 4.8.0.569 Mac Agent) and could point me in the right direction. In advance, I'm not a Mac person. :-)

Over the Christmas break, NAC server certs were renewed (Entrust signed). The PCs (all flavors) and OS X v10.6.x didn't miss a beat with the new certificate; no obvious login/authentication issues.

With OS X 10.5.8, we had to manually import certs to allow agent login a la: Run Safari on the Mac; Safari displays a "Safari can't verify the identity of the website 'our.nac.server'" warning. Click on "Show Certificate", check-mark "Always trust 'our.nac.server' when connecting to 'our.nac.server'". Click continue. Provide the password required "to make changes to your Certificate Trust Settings" (machine specific). Confirmed that an intermediateCA "Entrust Certification Authority - L1C" certificate and the "our.nac.server" certificate have been added to the "login" keychain in Keychain Access. At this point, re-launch the Mac OS X CCA Agent client. Not elegant, but it appears to work.

With Mac OS X versions in the 10.4.x branch, the above does not work for us. :-(

e.g. OS X 10.4.11; Safari 4.1.2 (4533.18.5); Keychain 3.3 (25367)

Doing an "Always trust 'our.nac.server' when connecting to 'our.nac.server'" import with Safari adds the "our.nac.server" certificate and "Entrust Certification Authority - L1C" (intermediateCA) to the login keychain; the RootCA appears in X509Anchors. Unfortunately, re-launching Safari again suggests that the cert is still not trusted and again provides a "Safari can't verify the identity of the website 'our.nac.server'" warning on subsequent launches.

RootCA: Entrust.net Certification Authority (2048)
IntermediateCA: Entrust Certification Authority - L1C

On attempting to log in via the Agent, the agent screen disappears for a couple of seconds upon login, then reappears requesting login credentials.

Since it's a supported O/S with a supported Agent, wondering if anyone has seen this? It might be less a NAC issue and more of a Mac-ignorant issue relating to my understanding of Keychain and cert imports on the local machine.

Thanks in advance.

Terry
