Certificate issues in ACS 4.0 for Windows

Unanswered Question
May 22nd, 2007


One of the ACS is configured as CA using third party Certificate, But the server certificate on ACS was self generated and is expired.

I tried using the same third party certificate to replace the existing expired server certificate on ACS both by generating CSR on ACS and install new certificate using local storage and read from file options but failed.It gives the following error while using CSR generated private key

"private key doesnt fit for this certificate"

Next assuming that the installed third party certificate with its own private key can be used to install certificate from the storage gives the following error:

"Cannot get the private key from certificate. It's absent or not marked as exportable"

Again assuming that third party certificate has multi server/seat licences.

Any solution to this issue will be of great help.




I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
pradeepde Mon, 05/28/2007 - 11:26

Re-installing the certificate may resolve this issue.

Install CA Certificate on your Appliance


A. Go to System Configuration > ACS Certificate Setup > ACS Certification Authority


B. Click "Download CA certificate file"

C. Type the IP address or hostname of the FTP server in the FTP Server field

D. Type a valid username that Cisco Secure ACS can use to access the FTP server in the

Login field

E. Type the above user's password in the Password field

F. Type the relative path from the FTP server root directory to the directory containing

the CA certificate file in the Remote FTP Directory field

G. Type the name of the CA certificate file in the Remote FTP File Name field

H. Click Submit

I. Verify the filename in the field and click Submit

J. Restart the ACS services in System Configuration > Service Control


This Discussion