Renew the Certificate in Cisco ACS for PEAP Authentication

Answered Question
Jul 16th, 2009

Hi, we have installed in the wireless client laptops a certificate created by Cisco ACS to authenticate, but it's about to expire.

How can I renew the certificate without affecting the users?

Jagdeep Gambhir Fri, 07/17/2009 - 05:52

Two scenarios:

If you are using PEAP without enabling the validate server certificate option on the client, then there won't be any downtime.

Simply reinstall the self-signed cert on ACS and all users will be able to connect.

If you are using PEAP with the validate server certificate option on the client enabled, users won't be able to connect until the new cert is installed on the client laptop.

Or

Tell users to uncheck the validate server option until the new cert is installed.



Regards,

~JG


Do rate helpful posts




epatrickwhite Fri, 07/17/2009 - 16:11

The clients wouldn't need to install the new certificate once it's changed on the ACS server? Regardless of whether they have the box checked to validate the certificate, don't they have to have the same certificate installed on the client AND the ACS server?

arturo_triara Tue, 07/21/2009 - 09:15

Thanks JG.

The scenario is:

Users use PEAP with the validate server certificate option on the client enabled.

My doubt is:

1.- Can I generate the new certificate on Cisco ACS4.1 (Generate Self-Signed Certificate)? At this time the ACS retains the previous certificate.

2.- Then install the new certificate on the client laptops. At this time users will have the old and new certificates installed.

3.- And once it is installed on the client laptops, install the new certificate on Cisco ACS4.1. At this time users and ACS have the new certificate.


Will it work?


thanks

regards


Correct Answer
Jagdeep Gambhir Tue, 07/21/2009 - 09:40

1) Yes, we can generate a new cert but install that later.


2) Install new generated cert on client.


3) Install the new cert in ACS.


Good plan and will surely work.



Regards,

~JG


Do rate helpful posts
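The staged rollover discussed in this thread, modelled locally as an added example (not posted by anyone in the thread and not Cisco's tooling): a PEM bundle stands in for the client's trusted-certificate store, and the check passes only when that store accepts both the old and the new server certificate. The CNs, file names and helper functions are constructed for illustration, and the `openssl` CLI is assumed to be installed.

```shell
#!/bin/sh
# Lab model of the staged rollover: constructed self-signed certs stand in for
# the old and new ACS server certificates; a PEM bundle stands in for the
# client's trusted-certificate store. Nothing here talks to a real ACS.

WORK=$(mktemp -d)

# make_cert NAME CN DAYS: create a throwaway self-signed cert (constructed sample).
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$3" \
        -subj "/CN=$2" -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# client_accepts BUNDLE CERT: succeeds only if a validating client whose trust
# store is BUNDLE would accept CERT as the server certificate.
client_accepts() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# fingerprint CERT: SHA-256 fingerprint, for comparing what is installed where.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

make_cert old acs-old.example.test 30     # certificate about to expire
make_cert new acs-new.example.test 365    # step 1: generated, not yet active

cp "$WORK/old.pem" "$WORK/store_before.pem"                      # client before step 2
cat "$WORK/old.pem" "$WORK/new.pem" > "$WORK/store_staged.pem"   # client after step 2

# rollover_ready STORE: safe to do step 3 only if the store accepts both certs.
rollover_ready() {
    client_accepts "$1" "$WORK/old.pem" && client_accepts "$1" "$WORK/new.pem"
}

for store in store_before store_staged; do
    if rollover_ready "$WORK/$store.pem"; then
        echo "$store: trusts old and new, ACS can be switched"
    else
        echo "$store: new cert $(fingerprint "$WORK/new.pem") not trusted yet"
    fi
done
```

On a real client the equivalent check is comparing the SHA-256 fingerprint of the newly generated certificate against the entries in the laptop's trusted store before the certificate is activated on the server.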


