Request certificate to ACS Appliance ver4.1


The CA is a Windows 2003 and the ACS Appliance 4.1 is running on an embedded Windows 2000. I need to implement EAP-TLS. I have read several documents that explain how to ask for certificates for the ACS; nevertheless, it has not been possible for me to use them. ACS shows this error when I have tried to load it: "the CA certificate you're trying add is expired or is not yet valid ".

I have followed the procedures described in the guides rigorously, and I have not gotten any successful result.

Please Help!!!

Best Regards

andrew.brazier@... Wed, 11/21/2007 - 02:00

I would strongly recommend saving yourself a lot of trouble and buying a certificate from an online CA. I always recommend as their certs are cheap ($200 for three years), quick to get (about 20 minutes) and they work very well with ACS. No need to install root certs on your client devices, no extra hassle, nice and easy.

Self generated certs seem like a good idea but when you take account of all the extra effort against the low cost of a bought certificate it just isn't worth it.

Richard Atkin Thu, 11/22/2007 - 14:29

Sounds like the obvious answer might be required here... Check that the CA & ACS are both set to the correct Time & Date. If the CA or ACS date settings are very wrong, then the data comparison that takes place will easily be invalidated, and you get an error like the one you're seeing.

Check date settings on the boxes and get back to us...
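Added example, not part of the posts in this thread: a way to see which box's clock makes a CA certificate look "expired" or "not yet valid" by comparing each clock against the certificate's validity window. It assumes the dates were read with `openssl x509 -noout -dates`; the certificate dates, host clock readings and function names are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample: output of `openssl x509 -noout -dates` for a CA certificate.
SAMPLE_DATES = """notBefore=Nov 20 15:30:00 2007 GMT
notAfter=Nov 20 15:40:00 2012 GMT"""

# Constructed clock readings (UTC) for the two boxes; the appliance is months behind.
SAMPLE_CLOCKS = {
    "CA (Windows 2003)": datetime(2007, 11, 21, 9, 0, tzinfo=timezone.utc),
    "ACS appliance": datetime(2007, 1, 21, 9, 0, tzinfo=timezone.utc),
}

def parse_validity(dates_text):
    """Return (not_before, not_after) as UTC datetimes from openssl -dates output."""
    fields = dict(line.strip().split("=", 1)
                  for line in dates_text.splitlines() if "=" in line)
    fmt = "%b %d %H:%M:%S %Y GMT"  # openssl pads single-digit days with a space
    return tuple(datetime.strptime(fields[key], fmt).replace(tzinfo=timezone.utc)
                 for key in ("notBefore", "notAfter"))

def check_clock(now, not_before, not_after):
    """Classify one clock reading and say how far outside the window it is."""
    if now < not_before:
        return "not yet valid", not_before - now
    if now > not_after:
        return "expired", now - not_after
    return "valid", None

def report(dates_text, clocks):
    """Map each host name to (status, distance outside the validity window)."""
    not_before, not_after = parse_validity(dates_text)
    return {host: check_clock(now, not_before, not_after)
            for host, now in clocks.items()}

if __name__ == "__main__":
    for host, (status, delta) in report(SAMPLE_DATES, SAMPLE_CLOCKS).items():
        detail = f" (clock is off by at least {delta})" if delta else ""
        print(f"{host}: certificate is {status}{detail}")
```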



andrew.brazier@... Fri, 11/23/2007 - 04:59

I take it you must have installed a cert even though it's reported as not valid? If so, try removing the installed cert (you can do this through the "Install Cert" option, just don't enter any information and click submit) then raise a new CSR.

hwknight53 Tue, 11/27/2007 - 05:05

I'm not that familiar with the Appliance, but W2K3 doesn't allow the private key to be exported with the certificate. That caused me trouble with a 4.1 ACS server. You must create a new template on the CA that allows the key to be exported.

See Cisco Document ID: 64068


