cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
749
Views
10
Helpful
4
Replies

Expired PKI Certs on 5508 wlse...how to renew?

zach.mann
Level 1
Level 1

Hey Folks,

We have a client that was using Eap TLS i think and their PKI Cert have expired.  I took some notes so I appologize if this question is incomplete.  ACS 4.2 is also being used.  ?

Can someone point me to the right document on how to renew these certs?

4 Replies 4

Stephen Rodriguez
Cisco Employee
Cisco Employee

If they are using ACS, there wouldn't be a need for the WLC to have a device certificate on it.

The ACS would need a valid certificate from their CA, or itself if it is the CA.  And the client would need their machine or user cert to authenticate.

So, what is happening with the clients?  If you go to the ACS System Config > Certificate is the cert still valid?

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered

I was told they switched to WPA PSK in the meantime.  Let me get more info and come back with details..

zach.mann
Level 1
Level 1

They are currently using ACS 4.2, after their certs expired they switched to WPS PSK.   We need to renew these certs.

On the ACS, you can generate a new CSR and submit that to the CA.  Once you have it, import it into the ACS.  The following goes ove the steps needed.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/configuration/guide/peap_tls.html

HTH,

Steve

HTH,
Steve

------------------------------------------------------------------------------------------------
Please remember to rate useful posts, and mark questions as answered
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: