Authentication certificate based on Cisco ACS

Lee NGUYEN
Level 1

Hi all friends and experts,

I have an ACS 5.8 system. When I log in to ACS via a web browser (443), I use the user acsadmin and a password. Now my boss wants me to configure ACS authentication to be certificate-based.

Please help me and guide me, and make it clear for me. What is certificate-based authentication?

Thank you so much

Regards

Accepted Solutions

nspasov
Cisco Employee

Hi there, I don't believe ACS admin access can be based on a client certificate. I know this feature exists in ISE, but in ACS I only see username/password options.

Thank you for rating helpful posts!

6 Replies

Hello Neno,

Yes, this feature exists in ACS, but the same as you, I only see password-based and RSA-based login.

Anyone here, please help me: how does certificate-based login to ACS work?

Thank you Neno, and thank you all.

Hello Lee,

At this point (ACS 5.8p4), this is not supported with Administration login.

Regards,

Rj

Thank you friend,

Jatin Katyal
Cisco Employee

My 2 cents :)

With ACS 5.x, you can select any one of the following identity stores:

Internal Administrator ID store

Active Directory ID store

LDAP ID store

RSA SecurID store

RADIUS Identity store

This functionality got added in ISE, where you have to select the attribute in the certificate that contains the administrator user name in the Principal Name X.509 Attribute field. If the AD record for the user contains the user's certificate, and you want to compare the certificate that is received from the browser against the certificate in AD, check the Binary Certificate Comparison check box, and select the Active Directory instance name that was specified earlier. However, I personally never saw this working accurately. I'm unsure how important this feature is for your enterprise, but since the feature already exists in ISE, I don't think this is going to be introduced in ACS now. If you still want to try your luck, please reach out to your accounts team and see if they get any better feedback on the same.

Regards,

Jatin

~ Do rate helpful posts.

~Jatin

Thank you Jatin :)