ACS 5.3 with windows Root CA

Joester1980 · ‎02-24-2013

Hi,

I have an ACS environment with PEAP working. the root CA is about to expire i was going to just right click the root CA and try to renew with same keys. Will this break the current users that have the certificate aready installed? do i need to do anything with the ACS server or is the certificate essentially the same?

what recommendations do you h ave for this?

Thanks for your time with helping answer this.

Jatin Katyal · ‎02-25-2013

It should not if the Root CA would remain same.

Jatin Katyal
Regards,

- Do rate helpful posts -

~Jatin

maldehne · ‎02-26-2013

You can renew the server certificate given that the root CA is the same or the clients have the root CA certificate installed on them.

So if you are using the same root CA to renew the server certificate . this shouldn't have any effect cause the clients will keep honoring any certificate exposed to them given that they have the same root CA certificate installed.

-----------------------------------------------------------------------

Please Don't forget to rate correct answers

Peter Koltl · ‎02-26-2013

1. You renew the root CA cert. Nothing happens as the ACS cert is still valid (not expired) and clients validate it against their stored root CA cert (assuming the Validate Server cert checkbox is checked on the clients)

2. You distribute the new root CA cert to the clients. Don't remove the old cert. Check the new cert under 'Validate server' settings on the clients

3. You request a new cert for the ACS