DescriptionCannot scan or send messages to Persistent Agents after a new SSL certificate has been installed in NAC.
Unless security has been disabled on the agents, communication between the agents and NAC starts with a SSL handshake. This requires NAC to be secured with a SSL Certificate. If the newly installed certificate does not have all the intermediate and root certificates included, the Persistent Agent will not be able to validate the authenticity of the connection and will fail to communicate.SolutionEnsure the following:
1. All intermediate and root certificates have been installed. Refer to related KB article below.
2. Verify the affected hosts have the appropriate root certificate installed. For instructions, refer to related KB article below.
Related Articles
Technical Note: Identify missing SSL certificates via administration UI
Technical Note: Verify Trusted Certificate Authorities on Windows or Mac OSX