Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
650
Views
0
Helpful
3
Replies

Secure ACS 5.7 - adding a secondary server to primary

Go to solution
dfoshager
Level 1
Level 1

‎09-16-2015 07:44 AM - edited ‎03-10-2019 11:03 PM

Good morning.

 

I recently setup two primary Secure ACS 5.7 servers. I want to make one of the primary servers a secondary server. When I attempt to do register to the primary, I receive the following message:

This System Failure occurred: Registration failed due to Invalid Certificate. Your changes have not been saved.

Both servers have valid certificates. But other than extending the validity of the cert, no other changes have been made.

Any ideas please?

 

Thanks,

Daniel

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Ivan Gonzalez
Cisco Employee
Cisco Employee

‎09-16-2015 08:49 AM

Hello Daniel,

 

For the trust communication option to work. It is necessary to use certificates signed by either an external or internal CA, and additional to this, you need to import the respective issuer  Root/intermediate CAs under "Users and Identity Stores>"Certificates Authorities" section on both ACS servers.

You can also choose not to use the "Trust communication" feature by going to "System Administration > Configuration > Global System Options > Trust Communication Settings." and uncheck the checkbox for the feature.

 

Note: Please mark answered if applicable.

 

Note

 

Note

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Ivan Gonzalez
Cisco Employee
Cisco Employee

‎09-16-2015 08:49 AM

Hello Daniel,

 

For the trust communication option to work. It is necessary to use certificates signed by either an external or internal CA, and additional to this, you need to import the respective issuer  Root/intermediate CAs under "Users and Identity Stores>"Certificates Authorities" section on both ACS servers.

You can also choose not to use the "Trust communication" feature by going to "System Administration > Configuration > Global System Options > Trust Communication Settings." and uncheck the checkbox for the feature.

 

Note: Please mark answered if applicable.

 

Note

 

Note

0 Helpful

Go to solution
dfoshager
Level 1
Level 1
In response to Ivan Gonzalez

‎09-16-2015 11:32 AM

Great advice. Thank you for your response. I was able to get this to work as hoped.

0 Helpful

Go to solution
Ivan Gonzalez
Cisco Employee
Cisco Employee
In response to dfoshager

‎09-16-2015 11:36 AM

Hello Daniel,

 

 

You are very welcome, I am glad you found it helpful.

 

Best regards,

0 Helpful
Customers Also Viewed These Support Documents