
ACS Certificate installation problem. Please Help !!!

adipop777
Level 1

Hello,

I have the following configuration:

Catalyst 2950G-proximity switches with IOS 12.1(19)EA1c.

Cisco Secure ACS Appliance 3.2.3.11

SunONE Directory Server ldap server version 5.2_Patch_2

I am trying to set up 802.1x authentication for wired and wireless (Aironet) clients, with the VLAN parameter provided by using group mapping with LDAP groups.

I understand that the best for that will be the EAP-GTC version of PEAP.

I tried (for a week now!!!) to install the certificate in order to activate PEAP on ACS.

I carefully read and re-read the following documents:

http://www.cisco.com/univercd/cc/td/doc/product/access/acs_soft/csacsapp/csapp32/user/sau.htm

and this one

http://www.cisco.com/en/US/products/sw/secursw/ps5338/products_configuration_example09186a008020a45c.shtml

I set up a CA three times using "Microsoft Certificate Services" and OpenSSL. I am positive that I’ve done it correctly, since each time the CA certificate installation worked and each time I found the CA in the "Certificate Trust List".

The procedure to install the certificate:

1. Install the CA certificate on ACS server (through ftp)

2. Create the Certificate Signing Request and paste in Notepad to make the private key file

3. Paste the Certificate Signing Request into the "base64 encoded PKCS#10..."

4. Get the Server Certificate after issuing and put along with private key file on the ftp server.

When trying to install, I get that "Unsupported private key file format." message.

The private key file IS the Certificate Signing Request pasted in a file, isn’t it?!?

I have done that many times. I tried many names and extensions for files. I tried to overcome the UNIX and DOS representation for CR and LF in text files.

Each time the same error message.

Same problem as in this thread:

http://forums.cisco.com/eforum/servlet/NetProf?page=netprof&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1dd61919

Everybody, please help!!!!

1 Reply

sstudsdahl
Level 4

The private key file is a separate file that gets generated by ACS when you create your CSR. I am not sure where the default directory is that it gets stored. You should be able to specify a maximum path for the location that the private key file gets created. Then when you go to import the issued certificate to ACS, you will also need to go back and tell ACS where this private key file is so that it can be used.

Steve
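A quick way to tell a CSR from a private key before uploading either file, as an added example that is not part of the thread and not Cisco's code. It only reports what PEM object a file contains and whether it has CRLF line endings; which key formats ACS accepts is not stated in the thread, and the function names and sample data are constructed for illustration.

```python
import base64
import re

# PEM labels that can turn up in this procedure (RFC 7468 plus legacy OpenSSL/Microsoft).
KINDS = {"CERTIFICATE REQUEST": "csr", "NEW CERTIFICATE REQUEST": "csr",
         "CERTIFICATE": "certificate", "RSA PRIVATE KEY": "private-key",
         "PRIVATE KEY": "private-key", "ENCRYPTED PRIVATE KEY": "private-key"}
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)


def classify_pem(data: bytes):
    """Return (kind, label, problems) for every PEM block found in data."""
    text = data.decode("ascii", errors="replace")
    results = []
    for match in PEM_BLOCK.finditer(text):
        label, body = match.group(1), match.group(2)
        problems = []
        if "\r" in match.group(0):
            problems.append("CRLF line endings")
        if "Proc-Type:" in body:  # legacy OpenSSL encrypted key, body is not plain DER
            problems.append("passphrase-encrypted (legacy header)")
        else:
            try:
                der = base64.b64decode("".join(body.split()), validate=True)
                if not der or der[0] != 0x30:  # DER SEQUENCE tag
                    problems.append("body is not a DER SEQUENCE")
            except ValueError:
                problems.append("body is not valid base64")
        results.append((KINDS.get(label, "unknown"), label, problems))
    return results


def check_private_key_file(data: bytes) -> str:
    """Say whether a file offered as the private key really holds one."""
    blocks = classify_pem(data)
    if not blocks:
        return "no PEM block found"
    kind, label, problems = blocks[0]
    if kind != "private-key":
        return f"not a private key: file contains a {kind} ({label})"
    return "private key" + (f" with issues: {', '.join(problems)}" if problems else "")


# Constructed samples: dummy bytes behind a DER SEQUENCE tag, not a real key or request.
_BODY = base64.encodebytes(b"\x30\x82\x01\x00" + bytes(60)).decode().strip()
SAMPLE_CSR = (f"-----BEGIN CERTIFICATE REQUEST-----\n{_BODY}\n"
              "-----END CERTIFICATE REQUEST-----\n").encode()
SAMPLE_KEY_CRLF = (f"-----BEGIN RSA PRIVATE KEY-----\n{_BODY}\n"
                   "-----END RSA PRIVATE KEY-----\n").replace("\n", "\r\n").encode()
```

Running `check_private_key_file` on a file that holds the pasted CSR reports it as a `csr`, which is the situation the reply describes.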
