
ACS Self Signed

ricardorojas123
Level 1

The duration of the certificate of the ACS is one year. Does this mean I have to install the new certificate on the workstations again? Or only create the new certificate again in the ACS?

2 Replies

Nicolas Darchis
Cisco Employee

Hi,

Yes, it means you will have to re-install it on the clients. This is why self-signed certificates are not the best solution with regard to admin overhead.

The best for you would be to set up a CA (OpenSSL, Windows Server, ...) that issues a certificate to ACS. You could renew the ACS certificate and not change anything on the clients since they trust the CA (and thus all the servers that have a cert from that CA).

Hope this helps.

Nicolas

===

Don't forget to rate answers that you find useful
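
The CA approach from the reply above, shown beside the self-signed case from the question, as an added example that is not part of the original thread. The subject names (Example-Lab-CA, acs.example.test) and file names are constructed for the demo, and importing the results into ACS or the clients is not shown.

```shell
#!/usr/bin/env bash
# Added illustration; subject names are constructed. -nodes leaves the keys
# unencrypted only to keep the demo non-interactive.
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT

# The situation in the question: a self-signed server certificate that is
# regenerated every year. $1 = output prefix
issue_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -subj "/CN=acs.example.test" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# One-time step: CA key plus a long-lived CA certificate. ca.pem is the only
# file the clients install.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -subj "/CN=Example-Lab-CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
}

# Each renewal: fresh server key and CSR, signed by the CA. $1 = output prefix
issue_from_ca() {
  printf 'extendedKeyUsage=serverAuth\nsubjectAltName=DNS:acs.example.test\n' \
    > "$WORK/ext.cnf"
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -subj "/CN=acs.example.test" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -sha256 -days 365 \
    -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
    -extfile "$WORK/ext.cnf" -out "$WORK/$1.pem" 2>/dev/null
}

# Client-side check: does server certificate $2 chain to trust anchor $1?
client_trusts() {
  openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1
}

# $1 = label, $2 = what the client has installed, $3 = what the server presents
report() {
  if client_trusts "$2" "$3"; then echo "$1: trusted"; else echo "$1: REJECTED"; fi
}

issue_self_signed ss_old; issue_self_signed ss_new
make_ca; issue_from_ca srv_old; issue_from_ca srv_new

report "self-signed, after renewal" ss_old ss_new
report "CA-issued, original cert  " ca srv_old
report "CA-issued, after renewal  " ca srv_new
```

Only the first case is rejected: the renewed self-signed certificate has a new key the client has never seen, while both CA-issued certificates validate against the unchanged ca.pem.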

Tiago Antunes
Cisco Employee

The ACS cert is only needed on the clients if you have the clients trusting the ACS certificate.

For example if you are using PEAP or EAP-TLS and trusting the Server cert.

If you do not have this constraint then you do not need to install the ACS cert on the clients.

You only need to create the ACS cert again.

HTH,
Tiago

--

If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.