 
| Subject: | |
| From: | |
| Reply To: | |
| Date: | Tue, 27 Jun 2006 17:37:27 -0400 |
| Content-Type: | text/plain |
| Parts/Attachments: |
|
|
It's pretty easy.
Since I have to do that, I've typed it up as I did it.
Device Management > Clean Access Servers > your clean access server
Network > Certs
Action: Export CSR / Private Key / Certificate
1. Export your private key (to back it up)
2. Export a CSR save it as something you will find. I usually name it
like so: ccasmachinename.domain.edu.csr
Submit your CSR to your Certificate Authority. (I've used both Verisign
and IPSCA in the past. IPSCA is free for edu's. (1 year certs))
They'll give you a cert back. (Usually installing it VIA Internet
explorer when you visit the claim page, so make sure you use IE with the
CA sites)
Export it from your machine as a PEM encoded x.509 cert (I can detail
this more if you want, but it's a longer process than what I've just
typed)
Goto
Device Management > Clean Access Servers > your clean access server
Network > Certs
Action Import Certificate
Upload the CA-signed PEM encoded x.509 cert
Depending on your CA, you might have to uploade a Root/Intermediate CA.
(For example, if you roll your own CA)
Hit the Verify and install Uploaded Certificates.
This used to require the CAS to reboot, so plan for that. (I don't know
if it does it now, but It's easier to plan for it.)
You have to perform this action on BOTH of your CAS's on the HA pair.
So visit the secondary unit by using it's management URL.
https://servername.domain.edu/admin
SSL Cert's on the left. Same directions as above.
> -----Original Message-----
> From: Perfigo SecureSmart and CleanMachines Discussion List
> [mailto:[log in to unmask]] On Behalf Of Janzen, Dwight
> Sent: Tuesday, June 27, 2006 4:23 PM
> To: [log in to unmask]
> Subject: Re: SSL Certificate on HA Pairs
>
> Thank you for the response.
>
> We would like to start out by having one certificate for the
> CAS in order for the students not to have to accept our
> certificate each time they access clean access. With HA
> enabled on the CAS we would like just one generic certificate
> on both the primary CAS and failover CAS.
>
> It would be nice to update the CA certificate on the CAM but
> that is not our primary goal.
> dj
>
> Dwight Janzen
> Systems Manager
> Computer Services
> North Park University
> 3225 West Foster Avenue
> Chicago, IL 60625-4895
> 773-244-5545 Office
> 773-279-7304 Fax
> [log in to unmask]
>
>
> -----Original Message-----
> From: Perfigo SecureSmart and CleanMachines Discussion List
> [mailto:[log in to unmask]] On Behalf Of King, Michael
> Sent: Tuesday, June 27, 2006 3:11 PM
> To: [log in to unmask]
> Subject: Re: SSL Certificate on HA Pairs
>
> What would you like to put the certificate on? The CAS or the CAM?
> The CAS is easy. The CAM is a little more difficult. (Since you also
> have to put the RootCert on the CAS as well)
>
> > -----Original Message-----
> > From: Perfigo SecureSmart and CleanMachines Discussion List
> > [mailto:[log in to unmask]] On Behalf Of Janzen, Dwight
> > Sent: Tuesday, June 27, 2006 3:50 PM
> > To: [log in to unmask]
> > Subject: SSL Certificate on HA Pairs
> >
> > Last month we upgraded to CCA Version 3.6.2.
> > We are running CCA in HA mode for both the CAS and CAM.
> >
> > North Park University would like to install the CA signed SSL
> > certificate= s and would like some advice.
> >
> > Can someone please provide me with some insights into issues
> > or problems that we need to address in order to install SSL
> > certificates successfully= .
> > Thank you
> > dj
> >
> > Dwight Janzen
> > Systems Manager
> > Computer Services
> > North Park University
> > 3225 West Foster Avenue
> > Chicago, IL 60625-4895
> > 773-244-5545 Office
> > 773-279-7304 Fax
> > [log in to unmask]
> >
>
|
|
|
