The article assumes that you have already generated a certificate to install. If you have not generated a certificate use the openssl application on the NAC or NetSight to generate a CSR to submit to a CA:How To Generate A Certificate Signing Request (CSR) On A NAC Appliance
Once you have generated a certificate in NAC Manager:
- Click on the "All NAC Appliances" folder
- Click on the "NAC Appliances" tab on the right (only shows up if selecting the NAC appliances folder)
- Right click on the NAC Appliance you want to install the certificate on and choose "Manage Appliance Certificates"
- Click the "Update Certificate" button on which certificate you want to update
- Perform an "Enforce" to the NAC appliance.
Types of Certificates:
Captive Portal: This certificate is used for HTTPS connections to the captive portal. Wildcard certificates are OK for use
Internal Communications Server Certificate: This certificate is used for encrypted communications between NAC and NetSight.
Agent-Based Assessment Server Certificate: This certificates is used for secure communications between NAC and the Assessment Agent
RADIUS Server Certificate: This certificate is sent to end-systems for certain types of RADIUS authentication. (EAP-PEAP, EAP-TLS). Wild Card Certificates are NOT OK to use for RADIUS server certificates.