
error message when trying to enroll a certificate

mtumarinson
Level 1

When I try to install a certificate that I generated using Cisco ACS signing request (CSR) I am getting an error message.

"Can not find certificate with specified common name in the ACS Storage"

Am I missing a step? I verified the name and the path of the .pem file.

Max

3 Replies

andyhkw72
Level 1

Once you have generated a CSR, did you submit it to a certificate authority (CA Server) to receive your certificate?

The following are the steps of how I install my cert:

1) Generate Certificate Signing Request:

Certificate subject - "cn=ACS"

Private key file - "c:\Cert\ACScert"

Private key password - "acskey"

Retype private key password - "acskey"

Key length - "1024 bits"

Digest to sign with - "SHA1"

2) Now a certificate signing request is ready. You can copy/paste it to any certification authority enrollment tool (CA Server).

3) After you have enrolled the above certificate with a CA Server, the CA Server will return a certificate to you; store the returned certificate to "c:\Cert"

4) On your ACS, go to "System Configuration" -> "Install ACS Certificate"

5) Select "Use certificate from storage":

Certificate CN - "ACS"

Private key file - "c:\Cert\ACScert"

Private key password - "acskey"

And you are done!!! Once you have installed the certificate, you can use EAP-TLS and PEAP authentication and HTTPS for access to the Cisco Secure ACS HTML interface.

Hi

Just wondering if you got this working?

The reason that I ask is, having gone to the links included in the above replies and attempted to implement them, I continue to have issues with the ACS being able to utilise the certificates.

Scenario:

Have installed Microsoft CA on a stand-alone server. ACS v3.1 is on another stand-alone server. We are utilising the Web interface of the CA (i.e. http://servername/CertSvr) to request a certificate. The request is successful (I ask for a Webserver cert as I understand that is what is required for PEAP implementation) and it asks me to install, which is what I do.

Then in ACS, under System Configuration\Install ACS Certificate, I locate where the cer file has been placed and then point to it, using the private key file that I input when requesting the cert. When I submit the cert, it errors with various different messages, including:

Certificate File Not Found

Private key does not match certificate

and others that I cannot now remember.

Can anyone help with a step-by-step walk through of what is required to set this up, both on the Microsoft W2K side and ACS?

Please help!!!!
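
The two conditions named by the errors quoted in this thread (the certificate's common name, and whether the private key matches the certificate) can be checked with OpenSSL before the install step. This is an added example, not part of any poster's reply and not Cisco's procedure; the function names, file names and the self-signed sample certificate standing in for a CA-issued one are constructed for illustration.

```shell
# Added example; function names, paths and key material are constructed samples.

# Emit the certificate in file $1 as PEM, accepting PEM or DER (.cer) input.
cert_pem() {
  openssl x509 -in "$1" -inform PEM 2>/dev/null ||
    openssl x509 -in "$1" -inform DER 2>/dev/null
}

# Print the subject common name (CN) of the certificate in file $1.
cert_cn() {
  cert_pem "$1" | openssl x509 -noout -subject -nameopt multiline 2>/dev/null |
    sed -n 's/^ *commonName *= *//p'
}

# Return 0 only if certificate $1 carries the public half of private key $2.
# The key's pass phrase is read from the KEY_PASS environment variable.
# Return 2 if either file cannot be read (bad format or wrong pass phrase).
cert_matches_key() {
  local cert_pub key_pub
  cert_pub=$(cert_pem "$1" | openssl x509 -noout -pubkey 2>/dev/null) || return 2
  key_pub=$(openssl pkey -in "$2" -passin env:KEY_PASS -pubout 2>/dev/null) || return 2
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Build constructed test material in a temp directory and print its path:
# a self-signed CN=ACS certificate (PEM and DER), its key, and an unrelated key.
make_samples() {
  local dir
  dir=$(mktemp -d) || return 1
  export KEY_PASS=acskey   # sample pass phrase from the thread
  openssl req -x509 -newkey rsa:2048 -sha256 -days 1 -subj "/CN=ACS" \
    -keyout "$dir/acs.key" -out "$dir/acs.pem" -passout env:KEY_PASS 2>/dev/null
  openssl x509 -in "$dir/acs.pem" -outform DER -out "$dir/acs.cer"
  openssl genrsa -aes128 -passout env:KEY_PASS -out "$dir/other.key" 2048 2>/dev/null
  echo "$dir"
}

# Usage: KEY_PASS=... sh check.sh CERT_FILE KEY_FILE EXPECTED_CN
if [ "$#" -eq 3 ]; then
  [ "$(cert_cn "$1")" = "$3" ] || echo "CN is '$(cert_cn "$1")', expected '$3'"
  cert_matches_key "$1" "$2" || echo "private key does not match certificate"
fi
```

Reading the pass phrase from an environment variable keeps it out of the process list and shell history, which a `pass:` argument on the command line would not.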

Hi

You can get some walk through in http://www.cisco.com/warp/public/cc/pd/sqsw/sq/tech/acstl_wp.htm

This white paper is for EAP-TLS but you need section 5.2.2 - AAA Server Certificate Requirements which is the same for PEAP.

Other than the points mentioned in this section, you have the step-by-step procedure in the previous correspondence.

Let me know if you need more specific help

Ami