03-03-2011 07:48 PM - edited 03-10-2019 05:52 PM
Hi All ,
We have enabled EAP-TLS authentication for our wireless LAN end user in our network setup , And we have defined certficate on our old acs server 3.3 from a third party CA . I want to use the same certifcate which is being used in 3.3 ,how i can copy that certficate from 3.3 and get it installed on new acs 4.2 . what all condition to be met
Solved! Go to Solution.
03-03-2011 08:10 PM
Hi Santosh,
To export CA certificate from Windows version, do following :
Goto
[1] Start > Run > Type 'mmc' and hit enter.
[2] Click on Console > Add/Remove Snap-in...
[3] Click on Add > Certificate > Add > Computer Account > Next > Local Computer > Finish > Close > Ok
[4] Expand Certificates > Expand Trusted Root Certificate Authority and select Certificates
[5] Choose the ACS CA certificate, right click > All Tasks > Export > Next > Select 'Base-64 encoded X.509 (.CER)' > Next > Browse
Choose the location to store, and give it a name.
Press Next > Finish
We should get a message 'export was successfull'
Then Goto CS ACS solution engine
System Configuration > ACS Certificate Setup > ACS Certificate Authority Setup > Click on 'Download CA certificate'
Provide with the reuired information
and uplaod the file by pressing 'Submit'
Then Restart the ACS.
And to use this certificate, goto
System Configuration > ACS Certificate Setup > Edit Certificate Trust List,
and check the ACS certificate being installed.
then click Submit.
Again Restart ACS.
Regards,
~JG
Do rate helpful posts
03-03-2011 07:55 PM
Hi,
A simple upgrade from ACS 3.3 to ACS 4.2 with keeping the existing database should do the trick.
I assume this is ACS on windows.
Hope this helps.
Regards,
Anisha.
P.S.: Please mark this thread as answered if you feek your query is resolved. Do rate helpful posts.
03-03-2011 08:00 PM
Hi Anisha ,
For ACS 4.2.1.15 we are using new cisco acs appliance 1120 and existing ACS 3.3 server is running on window box as u said , We dont want to upgrade existing ACS 3.3 to 4.2. I need to copy CA certficate from that ACS 3.3 to ACS 4.2
Is CA certficate has also got dependancy in ACS version .
03-03-2011 08:10 PM
Hi Santosh,
To export CA certificate from Windows version, do following :
Goto
[1] Start > Run > Type 'mmc' and hit enter.
[2] Click on Console > Add/Remove Snap-in...
[3] Click on Add > Certificate > Add > Computer Account > Next > Local Computer > Finish > Close > Ok
[4] Expand Certificates > Expand Trusted Root Certificate Authority and select Certificates
[5] Choose the ACS CA certificate, right click > All Tasks > Export > Next > Select 'Base-64 encoded X.509 (.CER)' > Next > Browse
Choose the location to store, and give it a name.
Press Next > Finish
We should get a message 'export was successfull'
Then Goto CS ACS solution engine
System Configuration > ACS Certificate Setup > ACS Certificate Authority Setup > Click on 'Download CA certificate'
Provide with the reuired information
and uplaod the file by pressing 'Submit'
Then Restart the ACS.
And to use this certificate, goto
System Configuration > ACS Certificate Setup > Edit Certificate Trust List,
and check the ACS certificate being installed.
then click Submit.
Again Restart ACS.
Regards,
~JG
Do rate helpful posts
03-03-2011 08:17 PM
Hi Jagdeep ,
Thanx for your postings , I will follow this on exporting my certficates from old acs 3.3 , I have samll queris whether 3 party CA certficates is minted based on Hostname by the vendor , So that when we use it on another machine it should have same hostname as the old one . Is there any condition like that ?? . kindly suggest me , Thank you
3rd party vendor is geotrust
03-04-2011 01:26 AM
Hi Santosh,
CA cert does not have any host name ( i.e. "issued by" and "issued to" are same, Geo trust in your case). Its the server cert that have host name in "issued to " section.
Server cert will have
Issued to = Host name
Issued by= GeoTrust
CA cert will have
Issued to = GeoTrust
Issued by=GeoTrust
Host name does not matter ( in server cert) as along as it is installed with the private key.
Regards,
~JG
Do rate helpful posts
03-06-2011 06:59 PM
HI Jagdeep ,
I have tried using MMC (microsoft management console ) to extract certficate from windows box which is running ACS 3.3 . Whn i opened MMC console clicked add/remove snap in , but i am seeing only blank list on add on list . Is that any function to be availed from MMC should be turned on using gepdit.msc , Please suggest me , Thank you
03-07-2011 01:19 AM
Hi Santosh,
Please click on the ADD button after you get th edialog box of Add/remove snap-in.. then you will get another dialog box from where you can select the Certificate item.
Hope this helps.
Regards,
Anisha
-do rate helpful posts.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: