
Installing Certificates on the ACS Appliance

netopia
Level 1

We have a Cisco ACS appliance (Cisco 1113), and are having a little trouble getting certificates to work.

I had some instructions on generating a certificate on a Windows server and installing it, but this ultimately resulted in a server that we couldn't reach from anywhere (because nobody had an appropriate client certificate) and I had to reload the server.

We can currently get PEAP to work with our Windows clients and the server using a self-signed certificate, but for a wider implementation I'm still not sure what certificates need to be generated, which ones need to be placed on the server, which ones need to go on clients, and how to place them on the server and Windows clients.

I realize this is a fairly large question, but the different documents I've seen out there are all slightly contradictory, and in any case are all written with the Windows implementation of the Cisco ACS in mind.

Any help would be most appreciated.

-Ben

18 Replies

You don't need to install the ACS server certificate on the client, and why should we install the server certificate on the client?


There is no validity period configured by default for third-party certificates. It's in your and the CA's hands; you may go for 10 years.


This option only comes with self-signed, where it's 1 year and it cannot be changed.


On the client you just need the Root CA certificate if you want the option "validate server certificate" to be checked.


Set up client for PEAP authentication

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a0080545a29.shtml#t20


HTH

Jatin


Do rate helpful posts-

~Jatin
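
An added illustration, not part of any post in this thread: the trust relationship described above, reproduced with the OpenSSL CLI standing in for the CA. The subject names, the 730-day lifetime and the file names are constructed placeholders, and the script assumes `openssl` with its default configuration is installed.

```shell
# Added example: constructed lab PKI; all names and lifetimes are placeholders.

# Build a root CA, a server certificate signed by it, and a self-signed one.
make_pki() {
  dir=$1; days=$2
  # Root CA certificate: the only file a PEAP client has to trust.
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
    -subj "/CN=Example Lab Root CA" \
    -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
  # Server key and signing request; the private key belongs on the server only.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=acs.example.test" \
    -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null || return 1
  # The CA chooses the validity period at signing time.
  openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.pem" \
    -CAkey "$dir/ca.key" -CAcreateserial -days "$days" \
    -out "$dir/server.pem" 2>/dev/null || return 1
  # Self-signed server certificate for comparison: no CA vouches for it.
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=acs.example.test" \
    -keyout "$dir/self.key" -out "$dir/self.pem" 2>/dev/null
}

# Chain a presented certificate to a trusted root, as a client does when
# server certificate validation is enabled. Returns 0 if the chain verifies.
client_validates() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Show the expiry date the issuer put in the certificate.
cert_expiry() {
  openssl x509 -in "$1" -noout -enddate
}

demo() {
  d=$(mktemp -d) || return 1
  make_pki "$d" 730 || { rm -rf "$d"; return 1; }
  cert_expiry "$d/server.pem"
  client_validates "$d/ca.pem" "$d/server.pem" && echo "CA-signed: chain OK"
  client_validates "$d/ca.pem" "$d/self.pem" || echo "self-signed: rejected"
  rm -rf "$d"
}

demo
```

Only `ca.pem` would be distributed to clients; `server.pem` and `server.key` stay on the authentication server.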

Thank you for the fast reply. Everything is clear. I had just believed everything bert.lefevre posted above.

The Cisco support forum is wonderful. I can have my answer very fast by searching and asking.

Glad we could help you.

I would appreciate it if you can mark this thread resolved so that others can benefit from it.


Rgds,

Jatin


Do rate helpful posts-

~Jatin

I can't, because I am not the owner of this thread.