Renew the Certificate in Cisco ACS for PEAP Authentication

Answered Question
Jul 16th, 2009

Hi, we have installed on the wireless client laptops a certificate created by Cisco ACS to authenticate, but it's about to expire.

How can I renew the certificate without affecting the users?

Jagdeep Gambhir Fri, 07/17/2009 - 05:52

Two scenarios:

If you are using PEAP without enabling the validate server certificate option on the client, then there won't be any downtime.

Simply reinstall the self-signed cert on ACS and all users will be able to connect.

If you are using PEAP with the validate server certificate option on the client enabled, users won't be able to connect until the new cert is installed on the client laptop.

Or

Tell users to uncheck the validate server option until the new cert is installed.

Regards,

~JG

Do rate helpful posts

epatrickwhite Fri, 07/17/2009 - 16:11

The clients wouldn't need to install the new certificate once it's changed on the ACS server? Regardless of whether they have the box checked to validate the certificate, don't they have to have the same certificate installed on the client AND the ACS server?

arturo_triara Tue, 07/21/2009 - 09:15

Thanks JG.

The scenario is:

Users use PEAP with the validate server certificate option on the client enabled.

My doubt is:

1.- Can I generate the new certificate on Cisco ACS4.1 (Generate Self-Signed Certificate)? At this time the ACS retains the previous certificate.

2.- Then install the new certificate on the clients' laptops. At this time users will have the old and new certificates installed.

3.- And once it is installed on the clients' laptops, install the new certificate on Cisco ACS4.1. At this time users and ACS have the new certificate.

Will it work?

thanks

regards

Correct Answer
Jagdeep Gambhir Tue, 07/21/2009 - 09:40

1) Yes, we can generate a new cert but install that later.

2) Install new generated cert on client.

3) Install the new cert in ACS.

Good plan and will surely work.

Regards,

~JG

Do rate helpful posts
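The three-step plan above can be rehearsed offline before touching production. This is an added example, not part of the thread and not Cisco tooling: it assumes the `openssl` CLI is available, and the certificate names, lifetimes and bundle file names are constructed stand-ins for the ACS-generated certificate and a client's trusted-certificate list.

```shell
#!/bin/sh
# Added example: rehearse a self-signed server-certificate rollover offline.
# File names, CNs and lifetimes are constructed; nothing here contacts ACS.

# make_cert <name> <days>: self-signed cert standing in for the ACS server cert.
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$2" \
    -subj "/CN=$1" -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# client_accepts <trust-bundle> <server-cert>: succeeds only if a client that
# validates the server certificate against <trust-bundle> would accept it.
client_accepts() {
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# expires_within <cert> <days>: succeeds if the cert expires within <days>.
expires_within() {
  ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# rollover_check <workdir>: runs in a subshell and reports each phase.
rollover_check() (
  cd "$1" || exit 1
  make_cert acs-old 10 || exit 1
  make_cert acs-new 365 || exit 1
  cp acs-old.pem client-before.pem                  # client trusts old only
  cat acs-old.pem acs-new.pem > client-overlap.pem  # after step 2: old + new
  expires_within acs-old.pem 30 && echo "old cert expires within 30 days"
  client_accepts client-before.pem acs-old.pem && echo "before: old accepted"
  client_accepts client-before.pem acs-new.pem || echo "early swap: new REJECTED"
  client_accepts client-overlap.pem acs-old.pem && echo "overlap: old accepted"
  client_accepts client-overlap.pem acs-new.pem && echo "overlap: new accepted"
)

rollover_check "$(mktemp -d)"
```

With server validation enabled, the client accepts the server only while the presented certificate is in its trust list, so the overlap bundle is what lets the switch on the server side happen without an outage.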
