CA and Certificate Issue in ACS 4.0 For Windows 2003 Enterprise Server

Unanswered Question
Aug 20th, 2007

Hi,


I have configured a Microsoft CA server on the same ACS 4.0 for Windows 2003 Enterprise Server, which was configured earlier using self-generated certificates for EAP and PEAP authentication.


After I changed the certificate from self-generated to the new CA certificate, it can be viewed under the Install ACS Certificate option on the ACS server, but I am having the following problems:


1. SSL is not functioning for internet browser access to the ACS server; it is going through HTTP instead of HTTPS.


2. Wireless clients are authenticated successfully even after the certificate is uninstalled.


Any help on these problems will be appreciated.


Thanks

Best Regards,

Ahmed

rochopra Mon, 08/20/2007 - 03:12
User Badges:
  • Cisco Employee,

Hi,


Do make sure that you have also installed the CA certificate by going to

System configuration > ACS certificate setup > ACS Certification Authority Setup


Also make sure that after installing the CA certificate you have selected it in "Edit Certificate Trust List".


The following link can give you a stepwise procedure for the same:


http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a0080545a29.shtml#maintask1


Hope this helps.


~Rohit

sahmedshahcsd Mon, 08/20/2007 - 04:41

Hi Rohit,


Thanks for this link. I followed the procedure stepwise; it didn't work.


Regards,

Ahmed

rochopra Mon, 08/20/2007 - 05:13
User Badges:
  • Cisco Employee,

In that case, can you check if "Use HTTPS Transport for Administration Access" is still selected in Administration control > Access Policy?


~Rohit

sahmedshahcsd Tue, 08/21/2007 - 04:21

Hi Rohit,


Thanks for reminding me of the HTTPS option under Administration Control on ACS.


I have some doubts pertaining to the installation of certificates on wireless clients. It is optional for self-generated certificates, but what about the case of a Microsoft CA? I tested wireless client authentication even after removing the certificate from the Microsoft supplicant on Windows XP SP2 with patch KB885453 for PEAP installed. How does the certificate on the wireless client work?


Is it mandatory or optional to keep the certificate on wireless clients, as they were able to get authenticated through ACS after removing the certificate?


Thanks

Best Regards,

Ahmed


andrew.brazier@... Wed, 08/22/2007 - 01:31
User Badges:
  • Bronze, 100 points or more

Under the Global Security Configuration on the ACS, do you have the LEAP box checked? If so, that may be how your wireless clients are getting connected.


As for the certificate, save yourself the hassle of using a Windows CA and buy one. www.rapidssl.com, $60 for a 1 year cert.
