09-27-2024 05:30 AM
Hi All,
We're running the XSE and NAC version 24.7.10.52 and I've used the option under NAC Engines > Manage certificates to create a self-signed cert for the Radius Server section. I now can't find this certificate file anywhere on the NAC engine or on the XSE. The old certs were in /opt/nac/radius/raddb/certs/selfsigned, but there is no cert in there with the correct creation date or details.
Have the certificates been moved in this new version, or do the certs created via XSE go to a different location?
A smaller issue: it created the cert with the NAC IP rather than the hostname for some reason, if anyone knows how to change that as well?
Cheers
09-29-2024 06:08 AM
Hello Jonny.
The root CA used to sign the self-signed certificates in XIQ-SE and Control is not exportable and cannot be found on the filesystem or database.
There would generally be no reason to need to export this root CA. If you are looking to use this root CA for achieving 802.1x trust chaining validation (i.e. to install on the client device so they can 'trust' the root) this would be the wrong approach.
We would recommend seeking a proper publicly trusted CA signed certificate chain or employing a private CA (i.e. Windows Server Certificate Authority) for this.
If you are simply looking to do testing - I would recommend XCA @ https://www.hohnstaedt.de/xca/ which will allow you to create full private CA infrastructure in minutes with the ability to import / export certs and keys for any usage you'd like.
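
For a lab, the private-CA approach recommended in the reply above can also be scripted with the openssl CLI. This is an added example, not part of the original posts or of the product: it builds a throwaway root CA, issues a RADIUS server certificate that names the host by FQDN in the subject and SAN, and checks the chain. The hostname `nac01.example.test`, the CA name and all file names are constructed placeholders.

```sh
#!/bin/sh
# Added example: throwaway private CA plus a RADIUS server certificate that
# names the host by FQDN. All names and paths are constructed.
set -eu

make_test_pki() {   # usage: make_test_pki DIR FQDN
    dir="$1"; fqdn="$2"
    mkdir -p "$dir"

    # Minimal config so the result does not depend on the system openssl.cnf.
    printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' \
        'x509_extensions=v3_ca' '[dn]' 'CN=Lab 802.1X Root CA' \
        '[v3_ca]' 'basicConstraints=critical,CA:TRUE' \
        'keyUsage=critical,keyCertSign,cRLSign' > "$dir/ca.cnf"

    # Root CA: this certificate (not the server's) is what clients trust.
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$dir/ca.cnf" -keyout "$dir/ca.key" -out "$dir/ca.crt"

    # Server key and CSR; the subject CN is the hostname, not the IP.
    openssl req -new -newkey rsa:2048 -nodes -sha256 \
        -config "$dir/ca.cnf" -subj "/CN=$fqdn" \
        -keyout "$dir/srv.key" -out "$dir/srv.csr"

    # Leaf extensions: serverAuth EKU and a DNS SAN carrying the hostname.
    printf '%s\n' 'basicConstraints=CA:FALSE' \
        'keyUsage=critical,digitalSignature,keyEncipherment' \
        'extendedKeyUsage=serverAuth' \
        "subjectAltName=DNS:$fqdn" > "$dir/srv.ext"

    openssl x509 -req -in "$dir/srv.csr" -sha256 -days 365 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/srv.ext" -out "$dir/srv.crt"
}

verify_server_cert() {   # usage: verify_server_cert DIR NAME
    openssl verify -CAfile "$1/ca.crt" -purpose sslserver \
        -verify_hostname "$2" "$1/srv.crt" >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_test_pki "$demo_dir" "nac01.example.test"
verify_server_cert "$demo_dir" "nac01.example.test" && echo "chain and hostname OK"
rm -rf "$demo_dir"
```

Only `ca.crt` is distributed to client trust stores; `ca.key` and `srv.key` are written unencrypted here for lab use and should be protected accordingly.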
