11-19-2007 02:00 PM - edited 03-10-2019 03:31 PM
Hi:
The CA is a Windows 2003 and the ACS Appliance 4.1 is running on an embedded Windows 2000. I need to implement EAP-TLS. I have read several documents that explain how to request certificates for the ACS; nevertheless, it has not been possible for me to use them. ACS shows this error when I have tried to load it: "the CA certificate you're trying add is expired or is not yet valid".
I have followed the procedures described in the guides rigorously, and I have not gotten any successful result.
Please Help!!!
Best Regards
11-21-2007 02:00 AM
I would strongly recommend saving yourself a lot of trouble and buying a certificate from an online CA. I always recommend www.rapidssl.com as their certs are cheap ($200 for three years), quick to get (about 20 minutes) and they work very well with ACS. No need to install root certs on your client devices, no extra hassle, nice and easy.
Self-generated certs seem like a good idea, but when you take account of all the extra effort against the low cost of a bought certificate, it just isn't worth it.
11-22-2007 05:44 AM
Thanks, but this solution is not the one that I require. I need to use an Enterprise CA on Windows 2003; I need to configure EAP-TLS and to authenticate the Windows domain users.
11-22-2007 02:29 PM
Sounds like the obvious answer might be required here... Check that the CA & ACS are both set to the correct Time & Date. If the CA or ACS date settings are very wrong, then the data comparison that takes place will easily be invalidated, and you get an error like the one you're seeing.
Check date settings on the boxes and get back to us...
Regards,
Richard
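Added example (not part of the thread and not any poster's or Cisco's code): the date check suggested above, run against the certificate file itself. It reads notBefore/notAfter from a Base-64 (PEM) or DER export of the CA certificate and compares them with the clock the appliance reports; the function names and the sample certificate skeleton are constructed for illustration.

```python
import base64, re
from datetime import datetime, timezone

def _tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def _time(tag, raw):
    """Decode UTCTime (tag 0x17) or GeneralizedTime (0x18); both assumed to end in Z."""
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"
    t = datetime.strptime(raw.decode("ascii"), fmt).replace(tzinfo=timezone.utc)
    # X.509 reads UTCTime years 50-99 as 19xx; strptime pivots at 69, so fix 50-68.
    return t.replace(year=t.year - 100) if tag == 0x17 and t.year >= 2050 else t

def validity_window(cert_bytes):
    """Return (notBefore, notAfter) from a PEM (Base-64) or DER X.509 certificate."""
    m = re.search(rb"-----BEGIN CERTIFICATE-----(.+?)-----END", cert_bytes, re.S)
    der = base64.b64decode(m.group(1)) if m else cert_bytes
    _, pos, _ = _tlv(der, 0)            # Certificate SEQUENCE
    _, pos, _ = _tlv(der, pos)          # tbsCertificate SEQUENCE
    tag, _, end = _tlv(der, pos)
    pos = end if tag == 0xA0 else pos   # skip the optional [0] version field
    for field in range(3):              # skip serialNumber, signature, issuer
        _, _, pos = _tlv(der, pos)
    _, pos, _ = _tlv(der, pos)          # validity SEQUENCE
    t1, s1, e1 = _tlv(der, pos)
    t2, s2, e2 = _tlv(der, e1)
    return _time(t1, der[s1:e1]), _time(t2, der[s2:e2])

def check_clock(cert_bytes, device_clock):
    """Classify the certificate as a device with this clock (UTC) would see it."""
    not_before, not_after = validity_window(cert_bytes)
    if device_clock < not_before:
        return "not yet valid", not_before - device_clock
    if device_clock > not_after:
        return "expired", device_clock - not_after
    return "valid", not_after - device_clock

def _der(tag, body):  # builder used only for the constructed sample (short lengths)
    return bytes([tag, len(body)]) + body

# Constructed sample: a certificate skeleton (no real key or signature) valid
# from 2007-11-19 14:00 UTC to 2009-11-19 14:00 UTC.
SAMPLE = _der(0x30, _der(0x30,
    _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + _der(0x30, b"") + _der(0x30, b"")
    + _der(0x30, _der(0x17, b"071119140000Z") + _der(0x17, b"091119140000Z"))))
```

Calling `check_clock(open("ca.cer", "rb").read(), clock)` with the time shown on the appliance and then with the time on the CA shows which box's clock falls outside the window and by how much; `ca.cer` is a placeholder file name.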
11-23-2007 04:08 AM
I checked the date and corrected this; the problem is that I am not generating the .PVK file, even if asked to do so.
Best regards.
Giovanni Anfossi
11-23-2007 04:59 AM
I take it you must have installed a cert even though it's reported as not valid? If so, try removing the installed cert (you can do this through the "Install Cert" option, just don't enter any information and click submit) then raise a new CSR.
11-27-2007 05:05 AM
I'm not that familiar with the Appliance, but W2K3 doesn't allow the private key to be exported with the certificate. That caused me trouble with a 4.1 ACS server. You must create a new template on the CA that allows the key to be exported.
See Cisco Document ID: 64068
Wes