Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1547
Views
0
Helpful
1
Replies

Unable to access CS ACS 1113 appliance after enabling HTTPS management

shackma39
Level 1
Level 1

‎11-03-2011 10:26 PM - edited ‎03-10-2019 06:31 PM

I've recently installed a certificate on my ACS 1113 appliance and in the Admin setup enabled management access over HTTPS. Since then I've not been able to access the GUI console. I have done some troubleshooting and I'm fairly certain that I have a certificate issue as Firefox gives me the error:

Certificate type not approved for application. (Error code: sec_error_inadequate_cert_type)

when I try and connect. So I want to either reconfigure the management access to use just HTTP or remove the certificate. I have logged on to the serial console and there are no options her to do this. Any ideas? The RADIUS and TACACS functions are working correctly - I just can't logon via the GUI.

Labels:
0 Helpful
1 Reply 1

shackma39
Level 1
Level 1

‎11-16-2011 05:39 PM

I have managed to fix this for anyone who's interested. The problem was caused by the certificate template I used when I created from my CA server. It should be a web server certificate template and I left this setting at the default which is set to Administrator template.

To recover the appliance this is what I did:

I downloaded a trial version of ACS 4.1 for windows and installed it onto a Win2003 server.

From the console CLI connection on the ACS appliance I did a backup of the device and put this onto my FTP server.

Then I restored this backup to the Windows ACS trial version. I immediately had the same issue with unable to access the GUI due to the certificate issue.

I then went into the Certificate Snap in via MMC and found the certificate and CA certificate and deleted them and rebooted the server. Now I could access the GUI correctly and the management access over HTTPS was now turned off.

So then I created a new certificate from my CA server, with the correct template and installed it onto the Windows ACS server. I tried Management access over HTTPS and all good but decided to disable this as not required. (The certificate is for PEAP authentication). Then I backed up the Windows ACS and restored it into the appliance - hey presto it's back.

Moral of the story - don't use Management over HTTPS!!

0 Helpful
Customers Also Viewed These Support Documents