Secure LDAP certs are different from the certs on the servers. All LDAP requests come from the manager. There is an SSL LDAP section in the manager manual, if you want more information. Essentially you just import the CA cert that signed your AD servers into the manager as an SSL LDAP cert and away you go. (I think they require a reboot of the manager but I didn't have to.) You don't need to touch any certs on the CAS themselves or on the manager. If you do change the manager cert to one from your own CA you will disrupt communication between the CAS and the CAM. We are currently using a combination of Thawte SSL certs and our own Certificate Authority cert on Novell for secure LDAP. As mentioned, there is a special SSL cert upload for secure LDAP on the manager (same location as where you can configure the other cert properties). If you need additional help you can contact me off-list.

Sincerely,
Sidney Eaton, CCNA, Network+, NCSS, NCDE, CCSE
Network Technician
Ferris State University
205 West Building
Big Rapids, MI 49307
(231) 591-5388
For Support Call (231) 591-4822 or www.ferris.edu/tac

"Osborne, Bruce W. (NS)" <[EMAIL PROTECTED]>
Sent by: Cisco Clean Access Users and Administrators <[email protected]>
10/28/2008 12:04 PM
Please respond to: Cisco Clean Access Users and Administrators <[email protected]>
To: [email protected]
cc:
Subject: Re: Certificate Authority for CCA

Does Microsoft Windows trust your CA by default? If not, you will have the same trust issues, especially with Vista, that you have with the default Perfigo certificates.

I am currently running 4.1.2.1 and using the free 2-year certs from certs.ipsca.com on my CASs. I have not yet got my CAM working with that cert. I realize that those certs will not work with newer versions of CCA, but they solve my immediate problems.

Bruce Osborne
Liberty University

From: Cisco Clean Access Users and Administrators [mailto:[EMAIL PROTECTED]] On Behalf Of Heller, Josh
Sent: Tuesday, October 28, 2008 11:57 AM
To: [email protected]
Subject: [CLEANACCESS] Certificate Authority for CCA

We are moving from a Sun based secure LDAP authentication system to one using secure LDAP against our Active Directory DCs. These DCs have certificates that were generated using our own Windows 2003 certificate authority.

What is the best way to get the certs from our authority into our CAM? Any cert issues come to mind? Do the certs also need to be separately installed into each CAS? Will our end users need to have the certs installed on their local computers when logging into CCA via the agent?

I look forward to any input or advice. Thank you.

Josh Heller
Sr. Network Analyst
Information Technology
Kutztown University
610.683.4930
