ACS 5.2 certificate chain

rchester
Level 1

Hello,

I have recently installed an SSL certificate provided by my customer (from Comodo), but when I log on to ACS my browser warns that the certificate is not verified up to a trusted CA. This cert is going to be used for EAP-PEAP and EAP-TLS.

I think this means that I haven't installed the certificate chain?

Did I make an error when I imported the certificate (bound it to a previous CSR), or is there another procedure to install a certificate chain to ACS 5.2?

Cheers

reload in 25 years

aneelaka
Level 1

Hi

The error "certificate is not verified up to a trusted CA" means the cert chain, i.e. the intermediate and root certificates, is not present in the browser store. Hence the browser comes up with the error. Please install this certificate in the CA store in the browser.

Thanks

Note: if the answer was helpful, do rate the answer

Tiago Antunes
Cisco Employee

Hi,

If the error is coming on your browser, then it is your browser that does not trust it, so it is on your browser that you need to install the certificate and the intermediate certificates as trusted CA authorities.

If you are planning to use this certificate for EAP-TLS or PEAP, then you will need to do the same action on the client machines if you want the clients to validate the server certificate. If not, you can simply configure the client machines not to validate the server certificate.

HTH,

Tiago

--

If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.

The idea is to use a certificate that has a CA certificate in the default store of the client devices, to avoid having to roll out a certificate (chain or self-signed). So somehow I have to roll up the chain and install it on the ACS. On CSS this is done by concatenating the text of each signatory and pasting it in to the unit. I guess I want to know how to do the same action with ACS 5.2. Or if someone can tell me who supplies direct signed (no chain) certificates, that would do nicely.

Thanks

reload in 25 years
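
Added example, not part of the thread and not an ACS procedure: it reproduces the trust failure discussed above with the `openssl` CLI, using a constructed root, intermediate and leaf. A client that trusts only the root rejects the leaf when it is presented alone and accepts it once the intermediate is supplied with it. All certificate names, file names and function names are made up for the illustration.

```shell
#!/usr/bin/env bash
# Constructed three-tier PKI (root -> intermediate -> leaf); every name here is made up.
build_demo_pki() {
  local d=$1
  cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca]
basicConstraints = critical,CA:TRUE
[leaf]
basicConstraints = CA:FALSE
EOF
  # Self-signed root: stands in for the CA already in the client's default store.
  openssl req -x509 -config "$d/pki.cnf" -extensions ca -newkey rsa:2048 -nodes \
    -keyout "$d/root.key" -out "$d/root.pem" -subj "/CN=Constructed Root CA" \
    -days 2 2>/dev/null || return 1
  # Intermediate CA, signed by the root.
  openssl req -new -config "$d/pki.cnf" -newkey rsa:2048 -nodes -keyout "$d/int.key" \
    -out "$d/int.csr" -subj "/CN=Constructed Intermediate CA" 2>/dev/null || return 1
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -set_serial 2 -extfile "$d/pki.cnf" -extensions ca -out "$d/int.pem" \
    -days 2 2>/dev/null || return 1
  # Server (leaf) certificate, signed by the intermediate, not by the root.
  openssl req -new -config "$d/pki.cnf" -newkey rsa:2048 -nodes -keyout "$d/leaf.key" \
    -out "$d/leaf.csr" -subj "/CN=server.example.test" 2>/dev/null || return 1
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -set_serial 3 -extfile "$d/pki.cnf" -extensions leaf -out "$d/leaf.pem" \
    -days 2 2>/dev/null || return 1
}

# Client trusts only the root and is handed only the leaf certificate.
verify_leaf_only() {
  openssl verify -CAfile "$1/root.pem" "$1/leaf.pem" >/dev/null 2>&1
}

# Client trusts only the root; the intermediate is supplied alongside the leaf.
verify_with_chain() {
  openssl verify -CAfile "$1/root.pem" -untrusted "$1/int.pem" "$1/leaf.pem" >/dev/null 2>&1
}

d=$(mktemp -d)
build_demo_pki "$d"
if verify_leaf_only "$d"; then echo "leaf only: trusted"; else echo "leaf only: NOT trusted"; fi
if verify_with_chain "$d"; then echo "leaf + intermediate: trusted"; else echo "leaf + intermediate: NOT trusted"; fi
rm -rf "$d"
```
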