cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

465
Views
0
Helpful
1
Replies
bruceboardman
Beginner

Verisign CERT Root Changw

Verisign as of Oct. 10th has change the root ca they sign CERTS with. Our 802.1x supplicants are configured to trust only the older Class 3 Public Primary root that is part of widows. Is there any way to configure the ACS box to support the older root as reconfiguring all the supplicants is a non-trivial task. I wondered if there was a way to create a self-signed CERT to act as the root? Has anyone had this problem? Thanks

1 REPLY 1
Jagdeep Gambhir
Advocate

Bruce,

ACS can genrate self sign certificate but this will only work when client do not validate server certificate. If validation is required in your setup then self sign cert wont help.

If installing cert on each client is feasable then configured not to validate server cert then your current set up will work fine.

Regards,

~JG

Do rate helpful posts

Create
Recognize Your Peers
Content for Community-Ad

ISE Webinars



Did you miss a previous ISE webinar?

CiscoISE YouTube Channel