Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2027
Views
5
Helpful
3
Replies

ACS Certificate install

Go to solution
Turki.A.Baqatada
Level 1
Level 1

‎05-23-2021 10:56 PM

Hi 

My ACS local certificate is going to expire and i am going to renew it 

 

but actually can i change my local certificate with certificate vendor and certificate authority in ACS is still valid from another vendor 

 

and what is the difference between them 

 

your replies highly appreciated  

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
lrojaslo
Cisco Employee
Cisco Employee
In response to Turki.A.Baqatada

‎05-24-2021 01:12 PM

The fist thing to take into consideration is the following:

 

Local certificates: are the ones used by the ACS for particular functions like management (GUI access) and EAP (dot1x - EAP authentications). These certs can be self-signed or CA signed (look at issued by field), if they are self-signed, then you don't need any other certs and you can just renew it with no issues.

 

If you use certs signed by an external CA, then you need to make sure you use the same CA to sign your CSR to avoid impact.

 

Certificate authority:  In this section you upload the CA certificates (root, intermediate) that are part of the chain of your local certificate (if signed by CA).

View solution in original post

3 Replies 3

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎05-23-2021 11:47 PM

Delete the OLD one from list, if the new one valid.

 

cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-8/user/guide/acsuserguide/admin_config.html#79385

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Turki.A.Baqatada
Level 1
Level 1
In response to balaji.bandi

‎05-24-2021 12:03 AM

YES for local certificate i will replace the old one with the new one but my question that there is another kind of certificate located in Users and Identity Stores - certificate authority which is another vendor , so if it is different vendor from local certificate will be fine or should all certificate be the same  

 

0 Helpful

Go to solution
lrojaslo
Cisco Employee
Cisco Employee
In response to Turki.A.Baqatada

‎05-24-2021 01:12 PM

The fist thing to take into consideration is the following:

 

Local certificates: are the ones used by the ACS for particular functions like management (GUI access) and EAP (dot1x - EAP authentications). These certs can be self-signed or CA signed (look at issued by field), if they are self-signed, then you don't need any other certs and you can just renew it with no issues.

 

If you use certs signed by an external CA, then you need to make sure you use the same CA to sign your CSR to avoid impact.

 

Certificate authority:  In this section you upload the CA certificates (root, intermediate) that are part of the chain of your local certificate (if signed by CA).

Customers Also Viewed These Support Documents