08-02-2004 03:51 PM - edited 07-04-2021 09:51 AM
for those who have troubles getting verisign cert working on the ACS box, i just spoke to a verisign tech support after facing issues with certs. He mentioned that when generating a CSR on ACS, it generates extra info that are not compatible with verisign. Verisign is working on the issue, it is expected to be rectified soon (in a day or two). The tech support refused to give me further info about what version of ACS causing the issue or so... I'm using ACS3.3 at the moment.
08-03-2004 01:34 AM
We use Cert's from Thawte and it works fine.
08-04-2004 01:57 AM
Oliver,
We are using the 1111 appliance with 3.2.3 firmware. I have installed a cert from Thawte which seems OK, however, when I try and enable Peap in Global Config. I just get an error with cert not installed. Have you any ideas? As far as I can tell I have followed the procedure to request and install the cert correctly.
Barry
08-04-2004 10:17 AM
I've installed a Verisign cert on the ACS with minimal difficulty, but it does take a couple of extra steps.
When generating the cert request on the ACS, you have to enter the complete identification path in the Common Name field of the form. i.e., instead of just cn=Ciscoacs, you have to enter c=US,s=Florida,l=KeyWest,o=TheShirtShack,ou=Accounting,cn=Ciscoacs all on the same line.
Also, if the certificate file format that Verisign sends back is not recognized by the ACS, you can import it into your web browser and then re-export it in the correct format (DER .509 if I recall correctly) and then upload the reformatted cert to the ACS.
It works fine after all that =)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide