Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1120
Views
0
Helpful
4
Replies

ACS 4.2 Certficate installation error

sreelalggbm
Level 1
Level 1

‎09-22-2012 10:20 PM - edited ‎03-10-2019 07:34 PM

Hai,

I am trying to install a certficate on ACS 4.2. These are the following steps that I did.

Generate certificate signing request

Put the

Certificate subject         cn=SRL

Private key file               srl.pvk   --------------(This is just a name)

Private key password    cisco@123

Key length                      1024 Bits

Digest to sign with         SHA1

I got the text file and I validated it through the Microsoft certficate server.Downloaded the certificate  from the server and uploaded to the ACS VIA ftp.

When I am trying to install I m getting the error that   "Either the certificate is expired or not valid".

Certificate status is saying that its valid for 1 yr.

What is Private key file ? What it does when we are creating a signing request?where it is stored?

Can anyone help me to fix this issue?

Labels:
0 Helpful
4 Replies 4

Tarik Admani
VIP Alumni
VIP Alumni

‎09-22-2012 10:54 PM

Can you check the ACS time settings, make sure that the time is correct.

The private key file is what is used to generate the CSR and builds the public key pair which in this case is the signed certificate.

Also are you using an x509 format certificate?

thanks,

Tarik Admani
*Please rate helpful posts*

0 Helpful

sreelalggbm
Level 1
Level 1
In response to Tarik Admani

‎09-22-2012 11:07 PM

Hai Tarik,

Thanks for your email

ACS and Certficate server has the same time settings

Following are the steps I have done on the certificate server.


login to certificate server https://X.X.X.X/certsr

Select a task:
click Request a certificate

click submit an advanced certificate request.

click Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file.

  
Saved Request:

puting the generated CSR

Certificate Template: EBJ Mobile device or User or Webserver(I tried with all different options)


By default selected the option- DER encoded

download certificate 

Certificate is downloading to my PC and uploading ACS via FTP

"Either the certificate is expired or not valid".

But I can see the certificate is valid for 1 yr

0 Helpful

nkarthikeyan
Level 7
Level 7
In response to sreelalggbm

‎09-23-2012 10:55 AM

Hi Sreelal,

Did u checked the certificate vendor is in the trust list???? Also when u check the cert properties itself it will show whether its valid / expired. I guess you have chossen the wrong certificate option while raising the CSR/ in Cert server.

Please do rate if the given information helps.

By

Karthik

0 Helpful

sreelalggbm
Level 1
Level 1
In response to nkarthikeyan

‎09-23-2012 11:22 PM

Certificate Vendor is on trusted list and date says the certificate is valid for 1 yr

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents