cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
625
Views
0
Helpful
6
Replies

Request certificate to ACS Appliance ver4.1

ganfossi
Level 1
Level 1

Hi:

The CA is a Windows 2003 and the ACS Appliance 4.1 is running on an embedded Windows 2000. I need to implement EAP-TLS, I have read several documents that explain how ask for certificates to the ACS, nevertheless it has not been possible to me to use them, ACS shows this error when I have tried to load it: "the CA certificate you're trying add is expired or is not yet valid ".

I have done the procedures described in the guides rigorously, and I have not get any successful result.

Please Help!!!

Best Regards

6 Replies 6

andrew.brazier
Level 4
Level 4

I would strongly recommend saving yourself a lot of trouble and buying a certificate from an online CA. I always recommend www.rapidssl.com as their certs are cheap ($200 for three years), quick to get (about 20 minutes) and they work very well with ACS. No need to install root certs on your client devices, no extra hassle, nice and easy.

Self generated certs seem like a good idea but when you take account of all the extra effort against the low cost of a bought certificate it just isn't worth it.

Thanks, but this solution she is not the one that I require, I need to use a CA Enterprise in a Windows 2003,I need to configuring EAP TLS and to authenticate to the users of domain Windows.

Richard Atkin
Level 4
Level 4

Sounds like the obvious answer might be required here... Check that the CA & ACS are both set to the correct Time & Date. If the CA or ACS date settings are very wrong, then the data comparison that takes place will easily be invalidated, and you get an error like the one you're seeing.

Check date settings on the boxes and get back to us...

Regards,

Richard

And check the date and correct this, the problem is that I am not generating the file. PVK, even if asked to do so.

Best regard.

Giovanni Anfossi

I take it you must have installed a cert even though it's reported as not valid? If so, try removing the installed cert (you can do this through the "Install Cert" option, just don't enter any information and click submit) then raise a new CSR.

hwknight53
Level 1
Level 1

I'm not that familiar with the Appliance, but W2K3 doesn't allow the private key to be exported with the certificate. That caused me trouble with a 4.1 ACS server. You must create a new template on the CA that allows the key to be exported.

See Cisco Document ID: 64068

Wes

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: