11-22-2007 07:20 AM - edited 03-10-2019 03:31 PM
I have an ACS Appliance with integrated Windows 2000 version 4.1.1.23 , I need to implement EAP-TLS in a Domain Windows 2003, the CA that I am using is a "CA 2003". I have read several documents that explain how ask for certificates to the ACS, nevertheless it has not been possible to load in the ACS the certificate emitted by the CA. The certificate generated by the CA has the
extension *.cer, but the other one *.pvk file is not generated. THIS IS THE MAIN
PROBLEM.
I have read and followed every configuration step I found in this Document:
Cisco Document ID: 64067
The ACS documentation indicates interoperability with Windows 2003.
11-24-2007 05:58 AM
11-26-2007 06:28 AM
When requesting the certificate for ACS, CA delivers a file extension *. cer, trying to load the certificate via FTP ACS does not allow this, since it states that do not find the *. pvk.
The ACS SE have embedde windows 2000 server
11-27-2007 04:47 AM
Read Cisco Document ID: 64068
The problem is that in W2K3 MS changed the templates so that the private key is not exportable. You have to create a new template.
Wes
11-27-2007 05:07 AM
yes, I followed a step by step guide EAP-TLS configuration guide v1.03 and the template with key exportable
01-25-2008 08:49 AM
Hi,
you can use "Generate Certificate Signing Request" in the appliance System configuration page, to request a Certificate from your CA.in the field Private Key file put o name with the extention .pvk and type a password.when you will have the certificate from the CA, download it to your ACS Appliance,you don't need to download the Private key, it's stored in the Appliance, just put the name that you've entred in the first phase of generating a CSR.
I hope that it will help you.
Ismail
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: