08-20-2007 02:47 AM - edited 03-10-2019 03:20 PM
Hi,
I have configured Microsoft CA server on the same ACS 4.0 for Windows 2003 enterprise server which was configured earlier using the self generated certificates for EAP and PEAP authentications.
After I change the certificate from self generated to the new CA certificate that can be viewed under install ACS certificate option on ACS server but having the following problems
1. SSL is not functioning while internet browser access to the ACS server and going through http instead of https.
2. Wireless clients are authenticated successfully even after the certificate is uninstalled.
Any help on these problems will be appreciated.
Thanks
Best Regards,
Ahmed
08-20-2007 03:12 AM
Hi,
Do make sure that you have also installed CA certificate by going to
System configuration > ACS certificate setup > ACS Certification Authority Setup
Also make sure that after installing CA certificate you have selected it in "Edit Certificate Trust List"
Following link can give you stepwise procedure for the same:
Hope this helps.
~Rohit
08-20-2007 04:41 AM
Hi Rohit,
Thanks for this link, I followed the procedure step wise it didnt worked.
Regards,
Ahmed
08-20-2007 05:13 AM
In that case, Can you check if "Use HTTPS Transport for Administration Access" is still selected in Administration control > Access Policy.
~Rohit
08-21-2007 04:21 AM
Hi Rohit,
Thanks for reminding the HTTPS option under Administration Control on ACS.
I have some doubts pertaining to installation of certificates on Wireless clients though it is optional for Self Generated Certificates but what in case of Mirosoft CA as I tested wireless client authentications even after removing the certificate from microsoft supplicant WindowsXP SP2 having installed the patch KB885453 for PEAP. How the certificate on wireless client works.
Is it mandatory or optional to keep certificate on Wireless Clients as they could able to get authenticated through ACS after removing the certificate.
Thanks
Best Regards,
Ahmed
08-22-2007 01:31 AM
Under the Global Security Configuration on the ACS, do you have the LEAP box checked? If so, that may be how your wireless clients are getting connected.
As for the certificate, save yourself the hassle of using a Windows CA and buy one. www.rapidssl.com, $60 for a 1 year cert.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide