Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
528
Views
0
Helpful
1
Replies

ACS as a CA

Go to solution
Natha340Mai340
Level 1
Level 1

‎01-26-2011 06:00 AM - edited ‎03-10-2019 05:45 PM

Hi, the ACS 5.x it's work as a Certification Authority ? I need that ACS issued Certificates. I'm thinking deploy that by Microsoft CA but I have openldap in my network and Microsoft CA isn't work with openldap.

For emplo, I need a Certificates for my wireless users.

thank.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee

‎01-26-2011 09:31 AM

Acs Can't act as a certificate authority where you get complete chanin of certs. ACS only provides you self-signed certificate, valid for 1 year.


Self-signed certificates are certificates you create without a root or       the intermediate involvement of the CA. They have the same value in both the       subject and issuer fields like a Root CA Certificate. Most self-signed       certificates use X.509 v1 format.


Self signed certificate.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/user/guide/eap_pap_phase.html#wp1030165


Do not use a key size       greater than 1024 for compatibility with PEAP and EAP-TLS. If you use a       self-signed certificate, the certificate also acts in the capacity of the Root       CA Certificate and must be installed in the Certificates (Local       Computer) > Trusted Root Certification Authorities >       Certificates folder of the client when you use the Microsoft EAP       supplicant. It automatically installs in the trusted root certificates store on       the server. However, it must still be trusted in the Certificate Trust List in       ACS Certificate Setup.


Regds,

Jatin



Do rate helpful posts-

~Jatin

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Jatin Katyal
Cisco Employee
Cisco Employee

‎01-26-2011 09:31 AM

Acs Can't act as a certificate authority where you get complete chanin of certs. ACS only provides you self-signed certificate, valid for 1 year.


Self-signed certificates are certificates you create without a root or       the intermediate involvement of the CA. They have the same value in both the       subject and issuer fields like a Root CA Certificate. Most self-signed       certificates use X.509 v1 format.


Self signed certificate.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.1/user/guide/eap_pap_phase.html#wp1030165


Do not use a key size       greater than 1024 for compatibility with PEAP and EAP-TLS. If you use a       self-signed certificate, the certificate also acts in the capacity of the Root       CA Certificate and must be installed in the Certificates (Local       Computer) > Trusted Root Certification Authorities >       Certificates folder of the client when you use the Microsoft EAP       supplicant. It automatically installs in the trusted root certificates store on       the server. However, it must still be trusted in the Certificate Trust List in       ACS Certificate Setup.


Regds,

Jatin



Do rate helpful posts-

~Jatin
0 Helpful
Customers Also Viewed These Support Documents