Subject: | |
From: | |
Reply To: | |
Date: | Wed, 12 Sep 2007 08:47:16 -0400 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Max,
In a Mac client here I found two root CA's pertaining to GTE Cybertrust.
One of them is expired and called GTE Cybertrust Root CA. One is valid
and called GTE Cybertrust Global Root CA.
Can you find out which one matches your CAS cert's CA?
Nate
Caines, Max wrote:
> Hi Nate
>
> This is a named certificate from a public CA (GTE CyberTrust). The browser
> didn't query it during the agent install process, so surely MacOS is OK with
> it too? Unfortunately I'm not in a position to contact the owner, so I can't
> be more definite than that.
>
> Regards
>
> Max
>
>
>> -----Original Message-----
>> From: Cisco Clean Access Users and Administrators
>> [mailto:[log in to unmask]] On Behalf Of Nathaniel Austin
>> Sent: 12 September 2007 12:30
>> To: [log in to unmask]
>> Subject: Re: [CLEANACCESS] MAC problem
>>
>> Max,
>>
>> MacOS has much more stringent certificate verification rules than
>> Windows. The two main things are:
>>
>> 1) CAS certificate has to be issued to a name. Windows can
>> accept certs
>> to IP address, but MacOS will not.
>> 2) The root cert for the CAS cert has to be already installed in the
>> MacOS Keychain. Even if you bought a cert from an external
>> CA, sometimes
>> that root CA will not exist on the Mac.
>>
>> Can you verify those two things?
>>
>> Thanks,
>>
>> Nate
>>
>> Caines, Max wrote:
>>
>>> Hi
>>>
>>> We are using CCA 4.1.2.0 L2 in-band real-IP gateway on our wireless
>>> network. I've got a MAC running MacOS 10.4.9 which has successfully
>>> installed the agent, but when the owner enters her credentials, the
>>> agent says "Cisco Clean Access Agent is having a problem
>>>
>> communicating
>>
>>> with the NAC server". The CAS certificate is a public one, and the
>>> browser didn't query it. If you try to access a Web page you get
>>> redirected back to the CAS, so the client clearly has
>>>
>> network access.
>>
>>> There are plenty of other people logged in, so it doesn't
>>>
>> appear to be
>>
>>> a CAS-CAM communication problem. The CAM log just says
>>>
>> "Unable to log
>>
>>> in". Any idea what this might be?
>>>
>>> Thanks
>>>
>>> Max Caines
>>> IT Services, University of Wolverhampton
>>> Wolverhampton, West Midlands WV1 1SB
>>> Tel: 01902 322245 Fax: 01902 322777
>>>
>>>
|
|
|