Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
743
Views
0
Helpful
5
Replies

ACS SE no load Cetificate CA Enterprise Windows 2003

ganfossi
Level 1
Level 1

‎11-22-2007 07:20 AM - edited ‎03-10-2019 03:31 PM

I have an ACS Appliance with integrated Windows 2000 version 4.1.1.23 , I need to implement EAP-TLS in a Domain Windows 2003, the CA that I am using is a "CA 2003". I have read several documents that explain how ask for certificates to the ACS, nevertheless it has not been possible to load in the ACS the certificate emitted by the CA. The certificate generated by the CA has the

extension *.cer, but the other one *.pvk file is not generated. THIS IS THE MAIN

PROBLEM.

I have read and followed every configuration step I found in this Document:

Cisco Document ID: 64067

The ACS documentation indicates interoperability with Windows 2003.

Labels:
0 Helpful
5 Replies 5

Jagdeep Gambhir
Level 10
Level 10

‎11-24-2007 05:58 AM

In CA there is no need of Pvk. We need pvk file only for server certificate and not for CA. Both server cert and CA have extension .cer . Find attached the TLS guide.

Regards,

~JG

Do rate helpful posts

Preview file
125 KB
0 Helpful

ganfossi
Level 1
Level 1
In response to Jagdeep Gambhir

‎11-26-2007 06:28 AM

When requesting the certificate for ACS, CA delivers a file extension *. cer, trying to load the certificate via FTP ACS does not allow this, since it states that do not find the *. pvk.

The ACS SE have embedde windows 2000 server

0 Helpful

hwknight53
Level 1
Level 1

‎11-27-2007 04:47 AM

Read Cisco Document ID: 64068

The problem is that in W2K3 MS changed the templates so that the private key is not exportable. You have to create a new template.

Wes

0 Helpful

ganfossi
Level 1
Level 1
In response to hwknight53

‎11-27-2007 05:07 AM

yes, I followed a step by step guide EAP-TLS configuration guide v1.03 and the template with key exportable

0 Helpful

ismail884
Level 1
Level 1

‎01-25-2008 08:49 AM

Hi,

you can use "Generate Certificate Signing Request" in the appliance System configuration page, to request a Certificate from your CA.in the field Private Key file put o name with the extention .pvk and type a password.when you will have the certificate from the CA, download it to your ACS Appliance,you don't need to download the Private key, it's stored in the Appliance, just put the name that you've entred in the first phase of generating a CSR.

I hope that it will help you.

Ismail

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents