We have a client that was using Eap TLS i think and their PKI Cert have expired. I took some notes so I appologize if this question is incomplete. ACS 4.2 is also being used. ?
Can someone point me to the right document on how to renew these certs?
If they are using ACS, there wouldn't be a need for the WLC to have a device certificate on it.
The ACS would need a valid certificate from their CA, or itself if it is the CA. And the client would need their machine or user cert to authenticate.
So, what is happening with the clients? If you go to the ACS System Config > Certificate is the cert still valid?
On the ACS, you can generate a new CSR and submit that to the CA. Once you have it, import it into the ACS. The following goes ove the steps needed.