LISTSERV - CLEANACCESS Archives - LISTSERV.MIAMIOH.EDU

CLEANACCESS Archives

December 2006

CLEANACCESS@LISTSERV.MIAMIOH.EDU

	LISTSERV Archives
	CLEANACCESS Home
	CLEANACCESS December 2006

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: CCAA Mac OS X testing problems
From:	Brian Beausoleil <[log in to unmask]>
Reply To:	Cisco Clean Access Users and Administrators <[log in to unmask]>
Date:	Tue, 5 Dec 2006 09:46:28 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (60 lines)

I got to that point and called it quits (for testing) until I received my
new certs.  I didn't have the time to figure out why it does that,
especially when I had certs on the way.  The certs should be here today and
I can then begin testing the mac agent again.  I will update you on my
progress.


Brian Beausoleil
Network Services
Southern CT State University
Email: [log in to unmask]
Office: (203) 392-6109
Mobile: (203) 605-9128
Fax: (203) 392-6711

-----Original Message-----
From: Cisco Clean Access Users and Administrators
[mailto:[log in to unmask]] On Behalf Of David Stempien
Sent: Tuesday, December 05, 2006 4:26 AM
To: [log in to unmask]
Subject: CCAA Mac OS X testing problems

I am testing the newly-released CCAA for Mac OS X on a couple of test NAC
servers I have setup.  Both CAS and CAM have been upgraded to 4.1.0.

Since these are test servers, I do not have a trusted certificate.  I am
able to log in using the Windows CCAA 4.1.0 client just fine as long as I
accept the un-trusted certificate each time, or elect to always trust the
un-trusted certificate.

However, in Mac OS X, I get the following error message:

"Cisco Clean Access Agent is having problem communicating with NAC appliance
server.

This could be caused by the Secured Transport Communication.  Please make
sure the certificate on the NAC appliance server is valid.  If the NAC
Appliance uses the temporary certificate, you have to install the root
certificate into certificate KeyChains."

[grammar comments aside...]

I have tried saving the perfigoca.crt into my Certificates keychain as well
as in the X509Anchors keychain.  I did the same with the certificate
generated by my test CAS which I dragged out of the un-trusted warning from
a Safari window.  However, I'm still getting the same error message at
login.

Since I can't seem to find any release notes or documentation for the CCAA
for Mac OS X, I'm hoping someone else may have some insight to getting this
to work.

Thanks,

--
Dave Stempien, Network Security Engineer
University of Rochester Medical Center
Information Systems Division
585-784-6129

ATOM RSS1 RSS2

LISTSERV.MIAMIOH.EDU