https://community.cisco.com/t5/network-access-control/acs-certificate-install/m-p/4407933#M567525 <P>The fist thing to take into consideration is the following:</P> <P>&nbsp;</P> <P><FONT color="#FF0000"><STRONG>Local certificates</STRONG></FONT>: are the ones used by the ACS for particular functions like management (GUI access) and EAP (dot1x - EAP authentications). These certs can be <STRONG>self-signed</STRONG> or <STRONG>CA signed&nbsp;</STRONG>(look at issued by field), if they are self-signed, then you don't need any other certs and you can just renew it with no issues.</P> <P>&nbsp;</P> <P>If you use certs signed by an external CA, then you need to make sure you use the same CA to sign your CSR to avoid impact.</P> <P>&nbsp;</P> <P><FONT color="#FF0000"><STRONG>Certificate authority</STRONG></FONT>:&nbsp; In this section you upload the CA certificates (root, intermediate) that are part of the chain of your local certificate (if signed by CA).</P> Mon, 24 May 2021 20:12:56 GMT lrojaslo 2021-05-24T20:12:56Z https://community.cisco.com/t5/network-access-control/acs-certificate-install/m-p/4407388#M567487 <P>Hi&nbsp;</P><P>My ACS local certificate is going to expire and i am going to renew it&nbsp;</P><P>&nbsp;</P><P>but actually can i change my local certificate with certificate vendor and certificate authority in ACS is still valid from another vendor&nbsp;</P><P>&nbsp;</P><P>and what is the difference between them&nbsp;</P><P>&nbsp;</P><P>your replies highly appreciated&nbsp;&nbsp;</P> Mon, 24 May 2021 05:56:29 GMT https://community.cisco.com/t5/network-access-control/acs-certificate-install/m-p/4407388#M567487 Turki.A.Baqatada 2021-05-24T05:56:29Z https://community.cisco.com/t5/network-access-control/acs-certificate-install/m-p/4407417#M567489 <P>Delete the OLD one from list, if the new one valid.</P> <P>&nbsp;</P> <P>cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-8/user/guide/acsuserguide/admin_config.html#79385</P> <P>&nbsp;</P> Mon, 24 May 2021 06:47:48 GMT https://community.cisco.com/t5/network-access-control/acs-certificate-install/m-p/4407417#M567489 balaji.bandi 2021-05-24T06:47:48Z https://community.cisco.com/t5/network-access-control/acs-certificate-install/m-p/4407429#M567490 <P><FONT face="arial,helvetica,sans-serif" size="4">YES for local certificate i will replace the old one with the new one but my question that there is another kind of certificate <FONT color="#FF0000">located in&nbsp;</FONT></FONT><FONT face="arial,helvetica,sans-serif" size="4"><FONT color="#FF0000">Users and Identity Stores - certificate authority</FONT> which is another vendor , so if it is different vendor from local certificate will be fine or should all certificate be the same&nbsp;&nbsp;</FONT></P><P>&nbsp;</P> Mon, 24 May 2021 07:03:58 GMT https://community.cisco.com/t5/network-access-control/acs-certificate-install/m-p/4407429#M567490 Turki.A.Baqatada 2021-05-24T07:03:58Z https://community.cisco.com/t5/network-access-control/acs-certificate-install/m-p/4407933#M567525 <P>The fist thing to take into consideration is the following:</P> <P>&nbsp;</P> <P><FONT color="#FF0000"><STRONG>Local certificates</STRONG></FONT>: are the ones used by the ACS for particular functions like management (GUI access) and EAP (dot1x - EAP authentications). These certs can be <STRONG>self-signed</STRONG> or <STRONG>CA signed&nbsp;</STRONG>(look at issued by field), if they are self-signed, then you don't need any other certs and you can just renew it with no issues.</P> <P>&nbsp;</P> <P>If you use certs signed by an external CA, then you need to make sure you use the same CA to sign your CSR to avoid impact.</P> <P>&nbsp;</P> <P><FONT color="#FF0000"><STRONG>Certificate authority</STRONG></FONT>:&nbsp; In this section you upload the CA certificates (root, intermediate) that are part of the chain of your local certificate (if signed by CA).</P> Mon, 24 May 2021 20:12:56 GMT https://community.cisco.com/t5/network-access-control/acs-certificate-install/m-p/4407933#M567525 lrojaslo 2021-05-24T20:12:56Z