Update Captive Portal Server Certificate Window


The NAC appliance server uses a private key and server certificate to provide secure communication for the NAC Manager captive portal web pages. The Update Captive Portal Server Certificate window lets you replace the server certificate. You can access this window from the Manage Appliance Certificates window.

During installation, NetSight generates a unique private server key and server certificate for the captive portal server. While these provide secure communication, you may want to update to a "browser-friendly" certificate in order to eliminate the browser warnings that might appear when end users access the NAC Manager captive portal web pages for registration or remediation, and when administrators and sponsors access the NAC registration administration and sponsor administration web pages. For complete instructions on replacing and verifying the certificate, see How to Update NAC Appliance Server Certificates.

After you have updated the certificate, you must enforce the appliance to deploy the new private key and server certificate. When enforced, the server's secure port 443 will be offline for 15 seconds to reload the certificate.

Click areas in the window for more information.

Update Captive Portal Server Certificate Window

Private Key Certificate Files Select Type
Select the type of certificate replacement
You can select from two types of certificate replacement:
  • Generate a new unique private key and server certificate. This option allows you to automatically generate a new private key and certificate using the same method that is used when NAC is installed.
  • Provision a private key and certificate from files. This option lets you update the server certificate to a custom certificate provided from an external certificate authority. For complete instructions on replacing and verifying the certificate using this option, see How to Update NAC Appliance Server Certificates.
Private Key
Provide a file containing the RSA or DSA private key that corresponds to the certificate. It must be encoded as a PKCS #8 file. Enter the path name of the file or use the Browse button to navigate to the file. If the file is encrypted with a password, check the password box and supply the password in the field. If you do not have the private key, refer to the instructions for generating them.
Certificate Files
Use the Add Files button to add one or more certificate files as provided by the certificate authority. This includes the server certificate, as well as any intermediate or chained certificates. You can multi-select files in the file chooser window, and the files can be added in any order.
  NOTE: If the Captive Portal server certificate identifies the appliance by a fully qualified host name, be sure the captive portal is configured with the Use Fully Qualified Domain Name option enabled in the Edit Captive Portal window, Common settings. Verify that end users are routed to the captive portal with the appliance's fully qualified host name (the same name used on the certificate) instead of IP address in the portal URL and that there are no unexpected browser warnings. If the option is not enabled, then end users may get certificate warning messages in their browsers about the wrong server name. This would happen because the IP address in the URL will not match the domain name in the server certificate.

For information on related windows:

Top