
Upgrade ACS 4.2 to 5.5 with client certificate authentication

y.lo
Level 1

I understand that there is a migration tool that can help upgrade ACS 4.2 on the Windows platform to the 5.5 appliance. However, it does not support certificate migration.

The customer is using client certificates for wireless client authentication. Does that mean I have to generate a CSR on the new ACS 5.5 appliance and have it signed by an external CA, for every client certificate on the existing ACS 4.2?

1 Reply

Muhammad Munir
Level 5

Hi

FYI

Certificate Authentication Profiles allow you to customize the authentication for different certificate profiles.

Identity store authorization is optional for certificate-based authentication.

Root CA certificates must be imported.

Trusted certificate authorities are defined under the certificate configuration options in Users and Identity Stores. Here, the authentication characteristics of different certificate profiles are also specified.

Certificate authentication profiles are referenced in access service identity policy, and they allow you to specify:

The certificate field that should be used as the principal username.

Whether a binary comparison of the certificate should be performed.

Migration Notes

PEM- or DER-formatted X.509 certificates can be imported to create a list of trusted CAs.

ACS 5.5 does not check whether the certificate owner exists in a directory, but you can check the existence of a user attribute in an access service authorization policy.

For more details, please go through the following link:

http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-5/migration/guide/migration_guide/Migration_Configure.html#wp1053387
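
The reply's points about importing root CA certificates in PEM or DER form and choosing a certificate field as the principal username can be checked offline before anything is imported. The script below is an added example, not part of the original thread or of Cisco's tooling; it uses the OpenSSL command line, and the function names, file names and the constructed throwaway CA and client certificate (CN `wifi-user01`) are assumptions.

```shell
# Added example: offline pre-import checks with the OpenSSL CLI (not ACS itself).
set -eu

# Convert a CA certificate that may be PEM or DER into PEM.
to_pem() {  # usage: to_pem <in> <out.pem>
  if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then
    openssl x509 -in "$1" -out "$2"
  else
    openssl x509 -inform DER -in "$1" -out "$2"
  fi
}

# SHA-256 fingerprint, for comparing against the CA trusted on the old server.
fingerprint() {  # usage: fingerprint <cert.pem>
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeed only if the client certificate chains to the given root CA.
chains_to() {  # usage: chains_to <ca.pem> <client.pem>
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Print the subject Common Name (assumed here to be the principal username field).
subject_cn() {  # usage: subject_cn <cert.pem>
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
    sed -n 's/^subject= *//; s/.*CN=\([^,]*\).*/\1/p'
}

# Constructed sample data: a throwaway root CA (PEM and DER), one client
# certificate it signs, and one unrelated self-signed certificate.
make_sample() {  # usage: make_sample <dir>
  sd=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Constructed Root CA" \
    -keyout "$sd/ca.key" -out "$sd/ca.pem" 2>/dev/null
  openssl x509 -in "$sd/ca.pem" -outform DER -out "$sd/ca.der"
  openssl req -new -newkey rsa:2048 -nodes -subj "/O=Example/CN=wifi-user01" \
    -keyout "$sd/client.key" -out "$sd/client.csr" 2>/dev/null
  openssl x509 -req -in "$sd/client.csr" -CA "$sd/ca.pem" -CAkey "$sd/ca.key" \
    -CAcreateserial -days 2 -out "$sd/client.pem" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Unrelated" \
    -keyout "$sd/other.key" -out "$sd/other.pem" 2>/dev/null
}

# Run with "demo" as the first argument to exercise the checks on the sample data.
if [ "${1:-}" = demo ]; then
  t=$(mktemp -d); make_sample "$t"; to_pem "$t/ca.der" "$t/import.pem"
  chains_to "$t/import.pem" "$t/client.pem" && echo "chains: $(subject_cn "$t/client.pem")"
fi
```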
