CA and Certificate Issue in ACS 4.0 For Windows 2003 Enterprise Server

Unanswered Question
Aug 20th, 2007

Hi,

I have configured Microsoft CA server on the same ACS 4.0 for Windows 2003 enterprise server which was configured earlier using the self generated certificates for EAP and PEAP authentications.

After I change the certificate from self generated to the new CA certificate that can be viewed under install ACS certificate option on ACS server but having the following problems

1. SSL is not functioning while internet browser access to the ACS server and going through http instead of https.

2. Wireless clients are authenticated successfully even after the certificate is uninstalled.

Any help on these problems will be appreciated.

Thanks

Best Regards,

Ahmed

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
rochopra Mon, 08/20/2007 - 03:12

Hi,

Do make sure that you have also installed CA certificate by going to

System configuration > ACS certificate setup > ACS Certification Authority Setup

Also make sure that after installing CA certificate you have selected it in "Edit Certificate Trust List"

Following link can give you stepwise procedure for the same:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a0080545a29.shtml#maintask1

Hope this helps.

~Rohit

sahmedshahcsd Mon, 08/20/2007 - 04:41

Hi Rohit,

Thanks for this link, I followed the procedure step wise it didnt worked.

Regards,

Ahmed

rochopra Mon, 08/20/2007 - 05:13

In that case, Can you check if "Use HTTPS Transport for Administration Access" is still selected in Administration control > Access Policy.

~Rohit

sahmedshahcsd Tue, 08/21/2007 - 04:21

Hi Rohit,

Thanks for reminding the HTTPS option under Administration Control on ACS.

I have some doubts pertaining to installation of certificates on Wireless clients though it is optional for Self Generated Certificates but what in case of Mirosoft CA as I tested wireless client authentications even after removing the certificate from microsoft supplicant WindowsXP SP2 having installed the patch KB885453 for PEAP. How the certificate on wireless client works.

Is it mandatory or optional to keep certificate on Wireless Clients as they could able to get authenticated through ACS after removing the certificate.

Thanks

Best Regards,

Ahmed

andrew.brazier@... Wed, 08/22/2007 - 01:31

Under the Global Security Configuration on the ACS, do you have the LEAP box checked? If so, that may be how your wireless clients are getting connected.

As for the certificate, save yourself the hassle of using a Windows CA and buy one. www.rapidssl.com, $60 for a 1 year cert.

Actions

This Discussion