Solved: Cisco ACS 5.X Self Signed Certificate

Ramraj Sivagnanam Sivajanam · ‎10-18-2012

Hi There

I have a Cisco ACS 1121 running on version 5.3 (90 days evaluation license). I have also generated a self signed certificate from the ACS, to create an XML file. This file will be used by the CSSC users for 802.1x authentication purposes. Currently, this is all working fine. This is similar to https://supportforums.cisco.com/thread/2056841

The 90 days evaluation license will expired by end of this month. My question here is, can I regenerate a new evaluation license (another 90 days) from the Cisco website for this same hardware, or is there a limit to the number of times, a evaluation license can be generated for the same hardware?

Assuming there's no limit, will I need to regenerate the self signed certificate (which will expire only next year) once I load in the new 90 days ACS evaluation license?

Regards,

Ram

Warm regards,
Ramraj Sivagnanam Sivajanam

Tarik Admani · ‎10-18-2012

Hi,

You can not obtain another 90 day eval licenses. I am not saying not try, but I dont think it will allow you to upload another licenses to an existing ACS configuration. You are most likely looking at having to reset your ACS database and starting from scratch in order to install another 90 day license.

Thanks,
Tarik Admani

Sent from Cisco Technical Support iPad App

View solution in original post

Tarik Admani · ‎10-18-2012

Hi,

You can backup the self signed cert, however you will not be able to install another temporary license on your existing ACS appliance. You will get locked out the admin interface once it expires with the upload license message.

Thanks,
Tarik Admani

Sent from Cisco Technical Support iPad App

Ramraj Sivagnanam Sivajanam · ‎10-18-2012

Hi Tarik

Thanks for the kind reply.

You mentioned that I won't be able to install another temporary license on my existing ACS appliance, as I would get locked out.

I was thinking, perhaps 2 days before the evaluation license expires, I re-upload again a new 90 days evaluation license. Do you think this idea is OK?

By the way, is there a limit to the number of times, a evaluation license can be generated for the same hardware?

Regards,

Ram

Warm regards,
Ramraj Sivagnanam Sivajanam

Tarik Admani · ‎10-18-2012

Hi,

You can not obtain another 90 day eval licenses. I am not saying not try, but I dont think it will allow you to upload another licenses to an existing ACS configuration. You are most likely looking at having to reset your ACS database and starting from scratch in order to install another 90 day license.

Thanks,
Tarik Admani

Sent from Cisco Technical Support iPad App

Ramraj Sivagnanam Sivajanam · ‎10-25-2012

Hi Tarik

Thanks for your advice. Yes, you were correct all the way. I could not install another 90-days Cisco ACS evaluation license into the Cisco ACS box, while the present license is still active.

Yes, I could regenerate a new 90-days Cisco ACS evaluation license from the Cisco website for the same given Cisco ACS appliance, countless times. This is because when I generated this file, the Cisco website doesn’t ask me for the device hostname, serial number, IP Address etc.

The Cisco’s website is https://tools.cisco.com/SWIFT/LicensingUI/loadDemoLicensee?FormId=310 and a CCO ID is needed for this.

Here’s my lesson learnt for the benefit of everyone.

•1) Backup the existing Cisco ACS configuration, self-signed certificate, license file etc.
•2) Reset the Cisco ACS config (from the Cisco ACS console acs config-reset command)

Note: This will reset the ACS config but not the basic parameters such as IP Address, Default Gateway etc. Hence, this task can be done remotely.

•3) Browse to the Cisco ACS webpage https://XXX.XXX.XXX.XXX and upload the new 90-days license file
•4) Reconfigure everything back manually.

Note: If you were to restore the configuration file, this won’t work in my case, as it will also restore the old license file.

•5) Upload the existing / backup self-signed certificate

Warm regards,
Ramraj Sivagnanam Sivajanam