CAM: 4.5.0 lite
Current Windows Clean Access Agent Version: 220.127.116.11
Current Windows Clean Access Agent Patch Version: 18.104.22.168
Current Macintosh Clean Access Agent Version: 22.214.171.124
Current Cisco NAC Web Agent Version: 4.5.0
(The clean access windows agent installed on the host laptop (Vista Enterprise) is version 126.96.36.199)
CAS mode: L2 OOB virtual GW
The setup is in lab conditions for a proof of concept.
The following scenario happens every time a new authentication is attempted from a Vista host running the Clean Access Agent.
I plug the host into the NAC-controlled switch port
I receive an IP address through my auth VLAN and DHCP pool
Cisco clean access agent pops up on screen as per normal
I enter my user and pass and click login
I get a "security alert" pop up stating "Revocation information for the security certificate for this site is not available. Do you want to proceed?"
There are 3 buttons to choose from: yes, no, view certificates
I click yes, but the error message does not disappear. No matter how many times you click yes, the error stays on the screen, preventing you from proceeding with the login.
So I click no
The Clean access agent then states "Network Error!, Detail: SSL certificate REV failed"
My only option is to click 'close' button so I do
This closes down the Clean Access Agent, but the agent instantly pops back up on my screen requesting user and pass again.
I enter the correct user and pass and click login
I get a new security alert pop up that states "This page requires a secure connection which includes server authentication." "The certificate issuer for this site is untrusted or unknown. Do you wish to proceed?"
My options to click are, yes, no, view certificate or more info
I click yes, the security alert disappears and clean access now states that I have successfully logged into the network.
It refreshes my IP address and places me in the correct vlan based on the role for my username.
I have checked the event logs, all my access attempts are accepted, (on the 2nd try obviously), but there are no errors in the CAM about this SSL issue.
I do however get a red text warning on the summary page of the CAM that states the following, which I'm not sure has any impact on my issue.
'Warning: The end entity certificate issued by 'www.perfigo.com' is suited for lab environments only. You must import a third-party end entity certificate for your Clean Access Manager and Clean Access Server(s) before deploying Cisco NAC Appliance in a production environment. Please check your Clean Access Server(s) and standby Clean Access Manager for similar messages.
Warning: The current Trusted Certificate Authority 'www.perfigo.com' is suited for lab environments only. Cisco recommends importing a third-party Certificate Authority. Please check your Clean Access Server(s) and standby Clean Access Manager for similar messages.'
My questions are:
- Why won't the CAA accept the first authentication attempt?
- How do I remove the first security alert?
- How can I resolve the CCA so that I just log in once without having to click no and wait for CAA to pop up a 2nd time?