04-19-2011 08:53 PM - edited 03-10-2019 06:00 PM
Hi All,
I need help with this SSL certificate installation on my ACS appliance 1120 for PEAP clients.
Note: I have exported the SSL server certificate from my old ACS 3.3 server, which is under the acscertstore folder and was issued by a CA vendor. I need to reuse this same SSL certificate on my ACS appliance.
ACS appliance certificate setup requires the following two certificates to be installed for PEAP client authentication:
1) Server Certificate
2) CA certificate
Server Certificate: For the server certificate, I have my old certificate, which was exported from my old ACS 3.3 server. When I tried to download my server certificate via FTP server on my ACS appliance, it is looking for the private key & private key file.
The private key & file was generated initially on the CSR request when this server certificate was requested from the CA vendor for my old ACS 3.3. I don't know the private key password.
If I need the private key & file, then I need to generate a new CSR from my ACS appliance and submit this CSR output to my CA vendor to generate a new SSL server certificate, which is something like a new server certificate request.
CA certificate: For the CA certificate, when I open my existing SSL certificate, under the Details tab in CRL Distribution Point I can see the URL below. When I open this URL it gives a certificate revocation list.
[1]CRL Distribution Point
Distribution Point Name:
Full Name:
URL=http://xx.yy.zz.com/crls/secureca.crl
This must be my CA certificate for my ACS appliance, right? Otherwise, this CA certificate once again has to be exported from the old ACS 3.3 server.
Kindly suggest and support on my above queries. Apologies if my understanding of this certificate installation is wrong. Suggest me a good solution.
04-22-2011 10:02 PM
Hello
SSL certificate installation on a new ACS appliance from an old ACS appliance is not possible. The reason is:
[1] Server certificate requires private key and private key password.
[2] The private key file cannot be extracted from ACS appliance.
Hence, you have to generate a new CSR from 1120 ACS appliance and repeat the complete cert installation procedure on new server.
For the other query, this URL "http://xx.yy.zz.com/crls/secureca.crl" is a CRL URL, not your CA server. If it is an internal server then try to access it as "http://xx.yy.zz.com/certsrv". If that does not work, then it looks to be a 3rd-party CA server and you need to contact them to get a CA cert.
Let me know if you have any concerns.
thanks
Devashree
P.S. : Please rate useful post.
04-24-2011 08:08 PM
Hi Devashree ,
Thanks for your posting. My old ACS 3.3 server is not an appliance; it is installed on the Windows 2003 operating system. We have an enterprise SSL server certificate received from a 3rd-party CA vendor.
The SSL server certificate issued by the CA vendor is valid for 3 years. I need to reuse both the CA certificate and the SSL server certificate from my Windows-based old ACS 3.3 on my new ACS 1120 appliance, which is running ACS 4.2.
I have the private key but I can't find the private key file. Similarly, for the CA certificate, in the MMC certificate window under trusted root certificates I can see 3 CA certificates. I don't know which certificates are to be used. Support on this is highly appreciated.
04-24-2011 08:16 PM
Hello Santhosh
Can you send the SSL certificate from the ACS ver 3.3 server? I can try to extract the CA certificate from it.
For the private key file, go to system config > acs cert setup > generate CSR > you will find the path for the private key file. Extract the file from that location.
thanks
Devashree
04-24-2011 09:52 PM
Hi Devashree ,
Thanks for your posting. I have attached all the CA certificates extracted from the trusted root certificate folder under the MMC certificate window. Kindly let me know which is the valid CA certificate to be installed.
Similarly, for the private key file, I can see it under the specified folder under system config under ACS setup on the ACS application; I can copy this file directly from that specified folder.
Otherwise, are any further steps required to extract that private key file? Thank you.
04-24-2011 10:02 PM
Hello Santhosh
They are all CA certs and they are all valid. Do you have your ACS certificate from ACS v3.3? I need that certificate to check which CA is associated with your ACS cert.
thanks
Devashree
04-24-2011 10:28 PM
Hi Devashree ,
I have attached the SSL server certificate from my ACS server 3.3. Kindly let me know which CA certificate is associated with this SSL server certificate. Thank you.
04-24-2011 10:47 PM
Hello Santhosh
Of the CA certs which you provided earlier, none belong to the ACS cert. Your ACS cert is issued from CA: Equifax Secure Certificate Authority.
I have separated the CA cert from the ACS cert. Now here are the steps:
[1] Copy the private key file from the ACS v3.3 server and save it in a separate folder, say "ACS certs".
[2] Save the CA cert and ACS cert in the same folder.
[3] Install an FTP server on your laptop, which is used to install certs on the ACS appliance.
[4] Make the folder "ACS certs" the FTP folder.
[5] Install the CA cert first.
[6] Then, install the ACS cert and private key file together.
The CA cert and ACS cert are in the attachment.
Let me know how it goes.
thanks
Devashree
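Checks that can be run with `openssl` on the laptop before steps [5] and [6], as an added example that is not part of the original thread: read the issuer from the server certificate, confirm the private key file matches it, and confirm the CA certificate really is the issuer. The function names, file names and CN values are assumptions, and the sample CA, certificates and keys are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. File names and CN values are constructed placeholders.

# Print the issuer DN: this names the CA certificate the server cert needs.
cert_issuer() { openssl x509 -in "$1" -noout -issuer; }

# Succeed only if the key file holds the private half of the cert's public key.
# openssl prompts for the passphrase if the key file is encrypted.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Succeed only if the certificate verifies against the given CA certificate.
issued_by() { openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; }

# Build constructed sample material: a CA, a server cert it signs, and an
# unrelated CA and key that must fail the checks.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Example Root CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=acs.example.test" \
        -keyout "$1/acs.key" -out "$1/acs.csr" 2>/dev/null
    openssl x509 -req -in "$1/acs.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/acs.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Unrelated CA" \
        -keyout "$1/other.key" -out "$1/other.pem" 2>/dev/null
}

demo() {
    dir=$(mktemp -d) && make_sample "$dir" || return 1
    cert_issuer "$dir/acs.pem"
    key_matches_cert "$dir/acs.pem" "$dir/acs.key" && echo "key matches cert"
    key_matches_cert "$dir/acs.pem" "$dir/other.key" || echo "other.key rejected"
    issued_by "$dir/acs.pem" "$dir/ca.pem" && echo "issued by ca.pem"
    issued_by "$dir/acs.pem" "$dir/other.pem" || echo "other.pem is not the issuer"
    rm -rf "$dir"
}
demo
```

On the real files, the issuer line is what identifies which CA certificate to obtain; the CRL Distribution Point URL inside the certificate points to a revocation list, not to the CA certificate.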
04-24-2011 11:06 PM
Hi Devashree ,
Thanks so much for your postings. I have attached 3 SSL server certificates. Could you please extract the CA certificate for this SSL ACS server certificate? I will try to get the private key file and try to install both this CA and SSL server certificate, and let you know on this.
Otherwise, let me know how to extract the CA certificate from the ACS server certificate. Thank you.
04-25-2011 12:39 AM
Hi Devashree ,
Thanks for everything. I have downloaded the root certificate from the Equifax resources URL. Thank you.
http://www.geotrust.com/resources/root-certificates/
Let me know if I am doing anything wrong on this.
04-25-2011 03:50 AM
Hello Santhosh
The other CA certs are good, but when you install ACS's identity cert, it needs to be trusted by its Trusted Root certificate, from which it was issued. You need the Equifax Root cert as that was the issuer of your ACS cert. The other GeoTrust certs will be its Subordinate-Root.
So, my suggestion will be to install all the root certs from GeoTrust + Equifax on the ACS server and then install the ACS identity cert. That should fix your problem.
thanks
Devashree