https://community.cisco.com/t5/network-access-control/acs-self-signed/m-p/1515901#M7614 <HTML><HEAD></HEAD><BODY><P>The ACS cert is only needed on the clients if you have the clients trusting the ACS certificate.</P><P>For example if you are using PEAP or EAP-TLS and trusting the Server cert.</P><P></P><P>If you do not have this constraint then you do not need to install the ACS cert on the clients.</P><P>You only need to create the ACS cert again.</P><P></P><P>HTH,<BR />Tiago</P><P></P><DIV class="jive-rendered-content"><DIV class="jive-rendered-content"><P>--</P><P>If&nbsp; this helps you and/or answers your question please mark the question as&nbsp; "answered" and/or rate it, so other users can easily find it.</P></DIV></DIV></BODY></HTML> Tue, 16 Nov 2010 08:37:36 GMT Tiago Antunes 2010-11-16T08:37:36Z https://community.cisco.com/t5/network-access-control/acs-self-signed/m-p/1515899#M7612 <P>The duration of the certificate of the ACS is one year. This means I have to install the new certificate in workstations, again?? Or only create the new certificate again in the ACS??</P> Fri, 21 Feb 2020 18:25:30 GMT https://community.cisco.com/t5/network-access-control/acs-self-signed/m-p/1515899#M7612 ricardorojas123 2020-02-21T18:25:30Z https://community.cisco.com/t5/network-access-control/acs-self-signed/m-p/1515900#M7613 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>yes it means you will have to re-install it on the clients. This is why self-signed certificates are not the best solution with regards to admin overhead.</P><P></P><P>The best for you would be to setup a CA (openssl, windows server, ...) that issues a certificate to ACS. You could renew the ACS certificate and not change anything to the clients since they trust the CA (and thus all the servers who have a cert of that CA).</P><P></P><P>Hope this helps.</P><P>Nicolas</P><P></P><P>===</P><P>Don't forget to rate answers that you find useful</P></BODY></HTML> Tue, 16 Nov 2010 07:41:21 GMT https://community.cisco.com/t5/network-access-control/acs-self-signed/m-p/1515900#M7613 Nicolas Darchis 2010-11-16T07:41:21Z https://community.cisco.com/t5/network-access-control/acs-self-signed/m-p/1515901#M7614 <HTML><HEAD></HEAD><BODY><P>The ACS cert is only needed on the clients if you have the clients trusting the ACS certificate.</P><P>For example if you are using PEAP or EAP-TLS and trusting the Server cert.</P><P></P><P>If you do not have this constraint then you do not need to install the ACS cert on the clients.</P><P>You only need to create the ACS cert again.</P><P></P><P>HTH,<BR />Tiago</P><P></P><DIV class="jive-rendered-content"><DIV class="jive-rendered-content"><P>--</P><P>If&nbsp; this helps you and/or answers your question please mark the question as&nbsp; "answered" and/or rate it, so other users can easily find it.</P></DIV></DIV></BODY></HTML> Tue, 16 Nov 2010 08:37:36 GMT https://community.cisco.com/t5/network-access-control/acs-self-signed/m-p/1515901#M7614 Tiago Antunes 2010-11-16T08:37:36Z