topic Re: error message when trying to enroll a certificate in Network Access Control

error message when trying to enroll a certificate

mtumarinson — Sun, 10 Mar 2019 14:21:48 GMT

When I try to install a certificate that I generated using Cisco ACS signing request (CSR) I am getting an error mesage.

"Can not find certificate with specified common name in the ACS Storage"

Am I missing a step I verified the name and the path of .pem file.

Max

Re: error message when trying to enroll a certificate

andyhkw72 — Fri, 20 Jun 2003 00:45:04 GMT

Once you have generated a CSR, did you submit it to a certificate authority (CA Server) to receive your certificate?

The following is the steps of how I install my cert:

1) Generate Certificate Signing Request:

Certificate subject - "cn=ACS"

Private key file - "c:\Cert\ACScert"

Private key password - "acskey"

Retype private key password - "acskey"

Key length - "1024 bits"

Digest to sign with - "SHA1"

2) Now a certificate signing request is ready. You can copy/paste it to any

certification authority enrollment tool (CA Server).

3) After you have enrolled the above certificate with a CA Server, the CA Server

will return a certificate to you, stored the returned certicate to "c:\Cert"

4) On your ACS, go to "System Configuration" -> "Install ACS Certificate"

5) Select "Use certificate from storage":

Certificate CN - "ACS"

Private key file - "c:\Cert\ACScert"

Private key password - "acskey"

And you are done!!! Once you had installed the certificate, you can used EAP-TLS and PEAP authentication and HTTPS for access to the Cisco Secure ACS HTML interface.

Re: error message when trying to enroll a certificate

marcbutler — Thu, 13 Nov 2003 12:25:04 GMT

Just wondering if you got this working?

The reason that I ask is, having gone to the links included in the above replies and attempted to implement them, I continue to have issues with the ACS being able to utilise the certificates.

Scenario:

Have installed Microsoft CA on a stand-alone server. ACS v3.1 is on another stand-alone server. We are utilising the Web interface of the CA (i.e. http://servername/CertSvr) to request a certificate. The request is successful (I ask for a Webserver cert as I understand that is what is required for PEAP implementation) and it asks me to install, which is what I do.

Then in ACS, under System Configuration\Install ACS Certificate, I locate where the cer file has been placed and then point to it, using the private key file that I input when requesting the cert. When I submit the cert, it errors with various different messages, icluding:

Certificate File Not Found

Private key does not match certificate

and others that I cannot now remember.

Can anyone help with a step-by-step walk through of what is required to set this up, both on the Microsoft W2K side and ACS?

Please help!!!!

Re: error message when trying to enroll a certificate

aschiebe — Thu, 13 Nov 2003 21:42:47 GMT

You can get some walk through in http://www.cisco.com/warp/public/cc/pd/sqsw/sq/tech/acstl_wp.htm

This white paper is for EAP-TLS but you need section 5.2.2 - AAA Server Certificate Requirements which is the same for PEAP.

Other than the points mentioned in this section , you have the step-by-step procedure in the previous correspodence.

Let me know if you need more specific help

Ami