Solved: Cisco ACS 5.4 Dual Certificate Option

Hovsep Armani · ‎01-16-2016

Hello Experts

I'm wondering if anyone knows if I can have dual certificates on my Cisco ACS 5.4 server. The documentation says I can have it as long as they have different "from" and "to" dates with a same CN name. However, this is a production server and wanted to make sure before I make any changes. I currently have one certificate installed and all working fine but need to add a second one for migration purposes.

Hovsep Armeni
Lan, UK

nspasov · ‎01-17-2016

A certificate can be tied to both services (HTTP and EAP), however, each service can only be tied to a single certificate. So for example, you cannot have two certificates that are tied to the EAP process.

Thank you for rating helpful posts!

View solution in original post

Jatin Katyal · ‎01-17-2016

You are right. However you can have protocol EAP or Admin usage only on one.

Allow Duplicate Certificates

Allows to add certificate with same CN and same SKI with different Valid From, Valid To, and Serial number.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-4/user/guide/acsuserguide/admin_config.html#pgfId-1067513

Regards,

Jatin

~Jatin

Hovsep Armani · ‎01-17-2016

Thanks Jatin,

The current certificate is for both Admin and EAP. Do you mean when installing the second (duplicate) certificate it can have only one option selected (admin or EAP)?

nspasov · ‎01-17-2016

A certificate can be tied to both services (HTTP and EAP), however, each service can only be tied to a single certificate. So for example, you cannot have two certificates that are tied to the EAP process.

Thank you for rating helpful posts!

Jatin Katyal · ‎01-17-2016

My friend Neno answered your last query :)

~Jatin