Hey Kurt (and all) -

Thanks - that's just what I was afraid I was going to have to do. I'll
set up a change management period for it now... Sigh...:) Thanks!

- Sean

----

Sean Hennessey

Networking and Information Security Systems Administrator

The University of Portland


-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[log in to unmask]] On Behalf Of Kurt Huenemann
Sent: Wednesday, July 09, 2008 1:31 PM
To: [log in to unmask]
Subject: Re: Cert Question

Sean,

These are the instructions from Cisco TAC that worked for us last time 
we renewed our certs.  Maybe something here will help you?

====================
1) From CAM web console, manage the CAS, go to the Certs section and 
export the current private key, then the certificate.

Save this somewhere safe.

2) During a maintenance window, generate a new temporary certificate for

the CAS using the UI.  Please make sure that you fill all the fields 
correctly.  Once the new certificate is generated, export the new 
private key and a CSR (certificate signing request).

3) During the same maintenance window, import back the old private key, 
and certificate, verify and upload the cert and restart the CAS (service

perfigo restart or reboot whichever is easier).

4) Send the CSR obtained in step#2 for signing.  Once you receive the 
signed cert back, perform step #3 except with the new private key and 
the newly received signed cert.  And restart the CAS.
=======================

Kurt