cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

224
Views
0
Helpful
3
Replies
Highlighted

ACS 4.2 Cert Domain Name or IP

I was using a self sign certin my ACS 4.2 and then just advised sour students to unckeck "Validate Server Certificate", but some usere wanting to use there phone have a default setting to verify the cert before establishing a connection and so we have decided to install a valid 3rd party certificate to solve this issue and save the help desk folks numerous callls. In the ACS when you generate a cert request you can use the domain name of the ACS in the request. Would it be better to use the IP of the ACS in this process or should I use the Domain name? I want to make sure we provide the correct info when we request a cert.

Thanks

mike

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Enthusiast

Use the domain name of the ACS server. Buying in a cert is a far better idea than using self-signed. The cost (which is pretty low anyway) is more than offset by the reduction in support calls!

View solution in original post

3 REPLIES 3
Highlighted
Frequent Contributor

You can use ACS to generate a self-signed digital certificate to use for the PEAP authentication protocol or HTTPS support of ACS administration. This capability supports TLS/SSL protocols and technologies without the requirement of interacting with a CA.

Refer the below URL to know about “ using self-signed certificate”:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/SCAuth.html#wp327462

Highlighted
Enthusiast

Use the domain name of the ACS server. Buying in a cert is a far better idea than using self-signed. The cost (which is pretty low anyway) is more than offset by the reduction in support calls!

View solution in original post

Highlighted

Thanks