Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
854
Views
0
Helpful
1
Replies

ACS and 802.1x

jwmiller
Level 1
Level 1

‎11-21-2005 10:05 AM - edited ‎02-21-2020 10:13 AM

We're running ACS 3.3.2 and testing 802.1x using PEAP-MSChap (server-side only cert). We have 3rd party certs installed on ACS that include a CDP (CRL Distribution Point). Is there any risk that if we lose Internet connectivity ACS will not allow an 802.1x authentication to occur? In other words, does ACS ever validate it's own cert including comparison against the CRL, or is it a mute point?

Labels:
0 Helpful
1 Reply 1

gfullage
Cisco Employee
Cisco Employee

‎11-21-2005 06:05 PM

Losing Internet connectivity won't affect your authentication. The ACS cert is valid for a specific time and that is defined in the cert when it's installed, you can see how long it's valid for by going under System Config - ACS Certificate Setup - Install ACS Certificate. ACS will continue to validate connections against this cert regardless of whether it has connectivity to the CA server.

It may validate itself against the CRL, but your CRL should never contain the ACS cert anyway, it that happens then you have serious issues to discuss wioth your CA vendor. It certainly won't automatically get included just because you lose connectivity or anything like that.

0 Helpful
Customers Also Viewed These Support Documents