cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
819
Views
0
Helpful
7
Replies

ACS server certificate from 3.3 to 4.2

sansarav720e
Level 1
Level 1

Hi All ,

         We have enabled EAP-TLS authentication for our wireless LAN end user in our network setup , And we have defined certficate on our old acs server 3.3  from a third party  CA . I want to use the same certifcate which is being used in 3.3 ,how i can copy that certficate from 3.3 and get it installed on new acs 4.2 . what all condition to be met

HTH Regards Santhosh Saravanan
1 Accepted Solution

Accepted Solutions

Jagdeep Gambhir
Level 10
Level 10

Hi Santosh,


To export CA certificate from Windows version, do following :

Goto

[1] Start > Run > Type 'mmc' and hit enter.

[2] Click on Console > Add/Remove Snap-in...

[3] Click on Add > Certificate > Add > Computer Account > Next > Local Computer > Finish > Close > Ok

[4] Expand Certificates > Expand Trusted Root Certificate Authority and select Certificates

[5] Choose the ACS CA certificate, right click > All Tasks > Export > Next > Select 'Base-64 encoded X.509 (.CER)' > Next > Browse

Choose the location to store, and give it a name.
Press Next > Finish

We should get a message 'export was successfull'

Then Goto CS ACS solution engine

System Configuration > ACS Certificate Setup > ACS Certificate Authority Setup > Click on 'Download CA certificate'

Provide with the reuired information

and uplaod the file by pressing 'Submit'

Then Restart the ACS.

And to use this certificate, goto

System Configuration > ACS Certificate Setup > Edit Certificate Trust List,

and check the ACS certificate being installed.

then click Submit.

Again Restart ACS.


Regards,
~JG

Do rate helpful posts

View solution in original post

7 Replies 7

andamani
Cisco Employee
Cisco Employee

Hi,

A simple upgrade from ACS 3.3 to ACS 4.2 with keeping the existing database should do the trick.

I assume this is ACS on windows.

Hope this helps.

Regards,

Anisha.

P.S.: Please mark this thread as answered if you feek your query is resolved. Do rate helpful posts.

Hi Anisha ,

                  For ACS 4.2.1.15 we are using  new cisco acs appliance 1120 and existing ACS 3.3 server is running on window box as u said , We dont want to upgrade existing ACS 3.3 to 4.2. I need to copy CA certficate from that ACS 3.3 to ACS 4.2

Is CA certficate has also got dependancy in ACS version .

HTH Regards Santhosh Saravanan

Jagdeep Gambhir
Level 10
Level 10

Hi Santosh,


To export CA certificate from Windows version, do following :

Goto

[1] Start > Run > Type 'mmc' and hit enter.

[2] Click on Console > Add/Remove Snap-in...

[3] Click on Add > Certificate > Add > Computer Account > Next > Local Computer > Finish > Close > Ok

[4] Expand Certificates > Expand Trusted Root Certificate Authority and select Certificates

[5] Choose the ACS CA certificate, right click > All Tasks > Export > Next > Select 'Base-64 encoded X.509 (.CER)' > Next > Browse

Choose the location to store, and give it a name.
Press Next > Finish

We should get a message 'export was successfull'

Then Goto CS ACS solution engine

System Configuration > ACS Certificate Setup > ACS Certificate Authority Setup > Click on 'Download CA certificate'

Provide with the reuired information

and uplaod the file by pressing 'Submit'

Then Restart the ACS.

And to use this certificate, goto

System Configuration > ACS Certificate Setup > Edit Certificate Trust List,

and check the ACS certificate being installed.

then click Submit.

Again Restart ACS.


Regards,
~JG

Do rate helpful posts

Hi Jagdeep ,

                      Thanx for your postings , I will follow this on exporting my certficates from old acs 3.3 , I have samll queris whether 3 party CA certficates is minted based on Hostname by the vendor , So that when we use it  on another machine it should have same hostname as the old one . Is there any condition like that ?? . kindly suggest me , Thank you

3rd party vendor is geotrust

HTH Regards Santhosh Saravanan

Hi Santosh,

CA cert does not have any host name ( i.e. "issued by" and "issued to" are same, Geo trust in your case). Its the server cert that have host name in "issued to " section.

Server cert will have

Issued to = Host name

Issued by= GeoTrust

CA cert will have

Issued to = GeoTrust

Issued by=GeoTrust

Host name does not matter ( in server cert) as along as it is installed with the private key.

Regards,

~JG

Do rate helpful posts

HI Jagdeep ,

                  I have tried using MMC (microsoft management console ) to extract certficate from windows box which is running ACS 3.3 . Whn i opened MMC console clicked add/remove snap in , but i am seeing only blank list on add on list . Is that any function to be availed from MMC should be turned on using gepdit.msc , Please suggest me , Thank you

HTH Regards Santhosh Saravanan

Hi Santosh,

Please click on the ADD button after you get th edialog box of Add/remove snap-in.. then you will get another dialog box from where you can select the Certificate item.

Hope this helps.

Regards,

Anisha

-do rate helpful posts.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: