
ACS SE - Public Cert from RapidSSL

charlie-hall
Level 1

I am attempting to authenticate wireless clients via WLC6 via ACS SE 4.2, and this forum has provided me more information than the Cisco documentation.

In trying to obtain a 30-day free trial cert from RapidSSL.com, when I submit my CSR, Rapidfire tells me that my common name is not a FQDN. I am using "acs-se.domainname.loc". Is it the .LOC that is causing my problems? Is there a way around that? I have tried downloading a cert from my Windows primary DC, but had issues with my CRL and CTL. Basically, I could not get the ACS SE to trust my Windows cert. I am finding PEAP and EAP-FAST to be more difficult than they really should be.

Thanks

Charlie

2 Replies

Jagdeep Gambhir
Level 10

Charlie,

The Certificate Signing Request screen within ACS does not have fields required by public Certificate Authorities, but you can still obtain a proper CSR by using the following subject format:

CN=server.domain.com,c=US,S=State,L=City,o=Company,ou=Department

Let me know if you have any questions.

Regards,

~JG

Do rate helpful posts

JG,

Thanks for your response. RapidSSL would not allow a Private FQDN that ends in .LOC such as mine.

I ended up following this procedure that covers 95% of what you need for a Private Cert from my MS DCs.

http://www.cisco.com/en/US/products/sw/secursw/ps5338/products_configuration_example09186a008020a45c.shtml

My Wireless supplicants can now successfully authenticate using PEAP without monkeying around with CERTs on the client side.

Thanks

Charlie
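
Added example (not part of the original posts and not Cisco or RapidSSL code): a pre-submission check of a subject string in the format quoted above, flagging missing fields and a CN that is not a public FQDN, such as the `.loc` name rejected in this thread. The function names and the list of private suffixes are assumptions made for illustration.

```python
import re

# Fields in the subject format quoted in the reply above.
REQUIRED = ("CN", "C", "S", "L", "O", "OU")
# Assumption: constructed list of suffixes commonly used on internal networks.
# Only ".loc" comes from the thread; a real CA checks against the public DNS root.
PRIVATE_SUFFIXES = {"loc", "local", "localdomain", "lan", "internal", "corp", "home"}
# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def parse_subject(subject):
    """Split 'CN=host,c=US,...' into a dict keyed by upper-cased attribute name.

    Limitation: values containing escaped commas are not supported.
    """
    fields = {}
    for part in subject.split(","):
        key, sep, value = part.partition("=")
        if not sep or not key.strip() or not value.strip():
            raise ValueError(f"malformed component: {part!r}")
        fields[key.strip().upper()] = value.strip()
    return fields


def check_subject(subject):
    """Return a list of problems found; an empty list means none were found."""
    try:
        fields = parse_subject(subject)
    except ValueError as exc:
        return [str(exc)]
    problems = [f"missing {name}" for name in REQUIRED if name not in fields]
    labels = fields.get("CN", "").rstrip(".").split(".")
    if len(labels) < 2 or not all(LABEL.match(label) for label in labels):
        problems.append("CN is not a fully qualified host name")
    elif labels[-1].lower() in PRIVATE_SUFFIXES:
        problems.append(f"CN ends in private suffix .{labels[-1].lower()}")
    if "C" in fields and not re.fullmatch(r"[A-Za-z]{2}", fields["C"]):
        problems.append("C must be a two-letter country code")
    return problems


if __name__ == "__main__":
    for s in ("CN=server.domain.com,c=US,S=State,L=City,o=Company,ou=Department",
              "CN=acs-se.domainname.loc,c=US,S=State,L=City,o=Company,ou=Department"):
        print(s.split(",")[0], "->", check_subject(s) or "no problems found")
```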