
CA and Certificate Issue in ACS 4.0 For Windows 2003 Enterprise Server

sahmedshahcsd
Level 1

Hi,

I have configured a Microsoft CA server on the same ACS 4.0 for Windows 2003 Enterprise Server, which was configured earlier using self-generated certificates for EAP and PEAP authentication.

After I changed the certificate from the self-generated one to the new CA certificate, it can be viewed under the Install ACS Certificate option on the ACS server, but I am having the following problems:

1. SSL is not functioning for internet browser access to the ACS server; it goes through http instead of https.

2. Wireless clients are authenticated successfully even after the certificate is uninstalled.

Any help on these problems will be appreciated.

Thanks

Best Regards,

Ahmed

5 Replies

rochopra
Cisco Employee

Hi,

Do make sure that you have also installed the CA certificate by going to

System configuration > ACS certificate setup > ACS Certification Authority Setup

Also make sure that after installing the CA certificate you have selected it in "Edit Certificate Trust List".

The following link gives the stepwise procedure for this:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a0080545a29.shtml#maintask1

Hope this helps.

~Rohit

Hi Rohit,

Thanks for this link. I followed the procedure stepwise, but it didn't work.

Regards,

Ahmed

In that case, can you check if "Use HTTPS Transport for Administration Access" is still selected in Administration control > Access Policy?

~Rohit

Hi Rohit,

Thanks for reminding me of the HTTPS option under Administration Control on ACS.

I have some doubts pertaining to the installation of certificates on wireless clients. It is optional for self-generated certificates, but what about the case of a Microsoft CA? I tested wireless client authentications even after removing the certificate from the Microsoft supplicant on Windows XP SP2 with the patch KB885453 for PEAP installed. How does the certificate on the wireless client work?

Is it mandatory or optional to keep the certificate on wireless clients, as they were able to get authenticated through ACS after removing the certificate?

Thanks

Best Regards,

Ahmed

Under the Global Security Configuration on the ACS, do you have the LEAP box checked? If so, that may be how your wireless clients are getting connected.

As for the certificate, save yourself the hassle of using a Windows CA and buy one. www.rapidssl.com, $60 for a 1 year cert.