Cisco ACS 5.4 Dual Certificate Option

Hovsep Armani
Level 1

Hello Experts

I'm wondering if anyone knows if I can have dual certificates on my Cisco ACS 5.4 server. The documentation says I can have it as long as they have different "from" and "to" dates with the same CN name. However, this is a production server and I wanted to make sure before I make any changes. I currently have one certificate installed and all is working fine, but I need to add a second one for migration purposes.

Hovsep Armeni
Lan, UK

1 Accepted Solution

A certificate can be tied to both services (HTTP and EAP); however, each service can only be tied to a single certificate. So, for example, you cannot have two certificates that are tied to the EAP process.

Thank you for rating helpful posts!

4 Replies

Jatin Katyal
Cisco Employee

You are right. However, you can have protocol EAP or Admin usage only on one.

Allow Duplicate Certificates

Allows to add certificate with same CN and same SKI with different Valid From, Valid To, and Serial number.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-4/user/guide/acsuserguide/admin_config.html#pgfId-1067513

Regards,

Jatin

~Jatin
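
Before importing a second certificate on a production server, the conditions quoted above (same CN and SKI; different Valid From, Valid To and serial number) can be checked offline on an admin workstation. This is an added example, not part of the thread or of Cisco's documentation; it assumes PEM files and the openssl CLI, and `dup_check`, `make_sample` and the CN `acs.example.test` are hypothetical names. It reads the quoted rule as requiring Valid From, Valid To and serial number to each differ.

```shell
#!/bin/sh
# Added example, not from the thread. Requires the openssl CLI (1.1.1+ for -ext).

# Field extractors: each prints one value from a PEM certificate file.
cert_cn()     { openssl x509 -in "$1" -noout -subject -nameopt multiline |
                sed -n 's/^ *commonName *= *//p'; }
cert_ski()    { openssl x509 -in "$1" -noout -ext subjectKeyIdentifier 2>/dev/null |
                sed -n '2p' | tr -d ' '; }
cert_serial() { openssl x509 -in "$1" -noout -serial    | cut -d= -f2; }
cert_from()   { openssl x509 -in "$1" -noout -startdate | cut -d= -f2; }
cert_to()     { openssl x509 -in "$1" -noout -enddate   | cut -d= -f2; }

# dup_check OLD NEW: returns 0 only if NEW has the same CN and SKI as OLD and a
# different Valid From, Valid To and serial number. A missing CN or SKI fails.
dup_check() {
    rc=0
    for f in cn ski; do
        a=$(cert_$f "$1"); b=$(cert_$f "$2")
        if [ -z "$a" ] || [ "$a" != "$b" ]; then
            echo "FAIL: $f must match ('$a' vs '$b')"; rc=1
        fi
    done
    for f in from to serial; do
        a=$(cert_$f "$1"); b=$(cert_$f "$2")
        if [ "$a" = "$b" ]; then
            echo "FAIL: $f must differ (both '$a')"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK: qualifies as a duplicate certificate"
    return "$rc"
}

# make_sample DIR: constructed test data. One key, two self-signed certificates
# (old.pem, new.pem) with CN acs.example.test, serials 1 and 2, 30 and 60 days.
make_sample() {
    printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' \
        'x509_extensions=ext' '[dn]' 'CN=acs.example.test' \
        '[ext]' 'subjectKeyIdentifier=hash' > "$1/c.cnf"
    openssl genrsa -out "$1/k.pem" 2048 2>/dev/null
    for n in 1 2; do
        [ "$n" -eq 1 ] && out=old.pem || out=new.pem
        openssl req -x509 -new -key "$1/k.pem" -config "$1/c.cnf" \
            -set_serial "$n" -days $((n * 30)) -out "$1/$out"
        sleep 2   # notBefore has one-second resolution; keep Valid From distinct
    done
}
```

Run `dup_check current.pem replacement.pem` against PEM copies of the installed certificate and the new one; a non-zero exit status lists which field breaks the rule.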

Thanks Jatin, 

The current certificate is for both Admin and EAP. Do you mean when installing the second (duplicate) certificate it can have only one option selected (admin or EAP)?

A certificate can be tied to both services (HTTP and EAP); however, each service can only be tied to a single certificate. So, for example, you cannot have two certificates that are tied to the EAP process.

Thank you for rating helpful posts!

My friend Neno answered your last query :)

~Jatin