ACS SE no load Cetificate CA Enterprise Windows 2003

Unanswered Question

I have an ACS Appliance with integrated Windows 2000 version , I need to implement EAP-TLS in a Domain Windows 2003, the CA that I am using is a "CA 2003". I have read several documents that explain how ask for certificates to the ACS, nevertheless it has not been possible to load in the ACS the certificate emitted by the CA. The certificate generated by the CA has the

extension *.cer, but the other one *.pvk file is not generated. THIS IS THE MAIN


I have read and followed every configuration step I found in this Document:

Cisco Document ID: 64067

The ACS documentation indicates interoperability with Windows 2003.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jagdeep Gambhir Sat, 11/24/2007 - 05:58
User Badges:
  • Red, 2250 points or more

In CA there is no need of Pvk. We need pvk file only for server certificate and not for CA. Both server cert and CA have extension .cer . Find attached the TLS guide.



Do rate helpful posts

hwknight53 Tue, 11/27/2007 - 04:47
User Badges:

Read Cisco Document ID: 64068

The problem is that in W2K3 MS changed the templates so that the private key is not exportable. You have to create a new template.


ismail884 Fri, 01/25/2008 - 08:49
User Badges:


you can use "Generate Certificate Signing Request" in the appliance System configuration page, to request a Certificate from your the field Private Key file put o name with the extention .pvk and type a password.when you will have the certificate from the CA, download it to your ACS Appliance,you don't need to download the Private key, it's stored in the Appliance, just put the name that you've entred in the first phase of generating a CSR.

I hope that it will help you.



This Discussion